| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions | ||
| Id | facb66e0-1c48-478a-bed5-747a312323e1 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this System and Information Integrity control | ||
| Additional metadata |
Name/Id: ACF1675 / Microsoft Managed Control 1675 Category: System and Information Integrity Title: Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions Ownership: Customer, Microsoft Description: The organization: Establishes 30 days for high risk flaws, 90 days for moderate risk flaws for taking corrective actions. Requirements: To track and benchmark flaw remediation, Azure conducts reporting of security vulnerabilities via the scan results. Azure utilizes a Vulnerability Management and Reporting Tool which provides Azure personnel the ability to review vulnerability data from a reporting interface including the date the patch was made available. Most security updates are required to be installed within thirty (30) days of the notification of the update’s availability. Verified flaws identified for Azure as a result of the monthly scan process are identified and tracked as part of the Azure Plan of Actions and Milestones (POA&M) process. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|