last sync: 2022-Dec-02 17:43:06 UTC

Changes on Azure Policy definitions

Category | Id | DisplayName | Description | Effect | Roles used | Subject | Details (UTC ymd)
Monitoring 0a3b9bf4-d30e-424a-af6b-9a93f6f78792 Configure Windows Virtual Machine Scale Sets to be associated with a Data Collection Rule Deploy Association to link Windows virtual machine scale sets to specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-11-04 17:41:52
Major (1.1.0 > 2.0.0)
Cognitive Services 0725b4dd-7e76-479c-a735-68e7ee23d5ca Cognitive Services accounts should disable public network access To improve the security of Cognitive Services accounts, ensure that it isn't exposed to the public internet and can only be accessed from a private endpoint. Disable the public network access property as described in https://go.microsoft.com/fwlink/?linkid=2129800. This option disables access from any public address space outside the Azure IP range, and denies all logins that match IP or virtual network-based firewall rules. This reduces data leakage risks. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-11-04 17:41:52
Patch (3.0.0 > 3.0.1)
Security Center 1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Defender Cloud Security Posture Management (CSPM) provides enhanced posture capabilities and a new intelligent cloud security graph to help identify, prioritize, and reduce risk. Defender CSPM is available in addition to the free foundational security posture capabilities turned on by default in Defender for Cloud. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-11-04 17:41:52
1f90fc71-a595-4066-8974-d4d0802e8ef0
Monitoring eab1f514-22e3-42e3-9a1f-e1dc9199355c Configure Windows Machines to be associated with a Data Collection Rule Deploy Association to link Windows virtual machines, virtual machine scale sets, and Arc machines to specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-11-04 17:41:52
Major (2.1.0 > 3.0.0)
Security Center 689f7782-ef2c-4270-a6d0-7664869076bd Configure Microsoft Defender CSPM to be enabled Defender Cloud Security Posture Management (CSPM) provides enhanced posture capabilities and a new intelligent cloud security graph to help identify, prioritize, and reduce risk. Defender CSPM is available in addition to the free foundational security posture capabilities turned on by default in Defender for Cloud. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Security Admin
add
2022-11-04 17:41:52
689f7782-ef2c-4270-a6d0-7664869076bd
Monitoring 244efd75-0d92-453c-b9a3-7d73ca36ed52 Configure Windows Virtual Machines to be associated with a Data Collection Rule Deploy Association to link Windows virtual machines to specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-11-04 17:41:52
Major (1.1.0 > 2.0.0)
Security Center 938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Microsoft Defender for SQL provides functionality for surfacing and mitigating potential database vulnerabilities, detecting anomalous activities that could indicate threats to SQL databases, discovering and classifying sensitive data. Once enabled, the protection status indicates that the resource is actively monitored. Even when Defender is enabled, multiple configuration settings should be validated on the agent, machine, workspace and SQL server to ensure active protection. Default
Audit
Allowed
Audit, Disabled
add
2022-10-28 16:42:53
938c4981-c2c9-4168-9cd6-972b8675f906
Update Management Center ba0df93e-e4ac-479a-aac2-134bbae39a1a [Preview]: Schedule recurring updates using Update Management Center You can use update management center (private preview) in Azure to save recurring deployment schedules to install operating system updates for your Windows Server and Linux machines in Azure, in on-premises environments, and in other cloud environments connected using Azure Arc-enabled servers. This policy will also change the patch mode for the Azure Virtual Machine to 'AutomaticByPlatform'. See more: https://aka.ms/umc-scheduled-patching Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
change
2022-10-28 16:42:53
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Machine Learning a6f9a2d0-cff7-4855-83ad-4cd750666512 Configure Machine Learning computes to disable local authentication methods Disable location authentication methods so that your Machine Learning computes require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy. Default
Modify
Allowed
Modify, Disabled
count: 001
Contributor
change
2022-10-28 16:42:53
Major (1.0.0 > 2.0.0)
Kubernetes 5485eac0-7e8f-4964-998b-a44f4f0c1e75 Kubernetes cluster Windows containers should not run as ContainerAdministrator Prevent usage of ContainerAdministrator as the user to execute the container processes for Windows pods or containers. This recommendation is intended to improve the security of Windows nodes. For more information, see https://kubernetes.io/docs/concepts/windows/intro/. Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-10-28 16:42:53
5485eac0-7e8f-4964-998b-a44f4f0c1e75
Machine Learning e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Machine Learning computes should have local authentication methods disabled Disabling local authentication methods improves security by ensuring that Machine Learning computes require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-28 16:42:53
Major (1.0.0 > 2.0.0)
Automation dea83a72-443c-4292-83d5-54a2f98749c0 Automation Account should have Managed Identity Use Managed Identities as the recommended method for authenticating with Azure resources from the runbooks. Managed identity for authentication is more secure and eliminates the management overhead associated with using RunAs Account in your runbook code. Default
Audit
Allowed
Audit, Disabled
add
2022-10-28 16:42:53
dea83a72-443c-4292-83d5-54a2f98749c0
Kubernetes d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities To reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux capabilities. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (5.0.0 > 5.0.1)
Kubernetes 040732e8-d947-40b8-95d6-854c95024bf8 Azure Kubernetes Service Private Clusters should be enabled Enable the private cluster feature for your Azure Kubernetes Service cluster to ensure network traffic between your API server and your node pools remains on the private network only. This is a common requirement in many regulatory and industry compliance standards. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Kubernetes 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Block pod containers from sharing the host process ID namespace and host IPC namespace in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS 5.2.3 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (5.0.0 > 5.0.1)
Automanage b025cfb4-3702-47c2-9110-87fe0cfcc99b Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage with your own customized Configuration Profile to your selected scope. Default
DeployIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled
count: 001
Contributor
change
2022-10-21 16:42:13
Minor (1.2.0 > 1.3.0)
Regulatory Compliance 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities CMA_C1566 - Identify individuals with security roles and responsibilities Default
Manual
Allowed
Manual, Disabled
change
2022-10-21 16:42:13
Patch (1.1.0 > 1.1.1)
Monitoring d55b81e1-984f-4a96-acab-fae204e3ca7f [Preview]: Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-10-21 16:42:13
Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
Kubernetes 4f3823b6-6dac-4b5a-9c61-ce1afb829f17 Kubernetes clusters should use Container Storage Interface(CSI) driver StorageClass The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. In-tree provisioner StorageClass should be deprecated since AKS version 1.21. To learn more, https://aka.ms/aks-csi-driver Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (2.0.0 > 2.0.1)
Monitoring 4da21710-ce6f-4e06-8cdb-5cc4c93ffbee Deploy Dependency agent for Linux virtual machines Deploy Dependency agent for Linux virtual machines if the VM Image (OS) is in the list defined and the agent is not installed. Fixed
deployIfNotExists
count: 001
Log Analytics Contributor
change
2022-10-21 16:42:13
Major (4.0.0 > 5.0.0)
Kubernetes e1e6c427-07d9-46ab-9689-bfa85431e636 Kubernetes cluster pods and containers should only use allowed SELinux options Pods and containers should only use allowed SELinux options in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (7.0.0 > 7.0.1)
Kubernetes 1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (8.0.0 > 8.0.1)
Regulatory Compliance e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information CMA_C1558 - Correlate Vulnerability scan information Default
Manual
Allowed
Manual, Disabled
change
2022-10-21 16:42:13
Patch (1.1.0 > 1.1.1)
Kubernetes 3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e Kubernetes clusters should use internal load balancers Use internal load balancers to make a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (8.0.0 > 8.0.1)
Kubernetes 46238e2f-3f6f-4589-9f3f-77bed4116e67 Azure Kubernetes Clusters should use Azure CNI Azure CNI is a prerequisite for some Azure Kubernetes Service features, including Azure network policies, Windows node pools and virtual nodes add-on. Learn more at: https://aka.ms/aks-azure-cni Default
Audit
Allowed
Audit, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Update Management Center bd876905-5b84-4f73-ab2d-2e7a7c4568d9 [Preview]: Machines should be configured to periodically check for missing system updates To ensure periodic assessments for missing system updates are triggered automatically every 24 hours, the AssessmentMode property should be set to 'AutomaticByPlatform'. Learn more about AssessmentMode property for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Storage b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb Configure diagnostic settings for Blob Services to Log Analytics workspace Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-10-21 16:42:13
Major (3.0.0 > 4.0.0)
Kubernetes da6e2401-19da-4532-9141-fb8fbde08431 Azure Kubernetes Service Clusters should use managed identities Use managed identities to wrap around service principals, simplify cluster management and avoid the complexity required to managed service principals. Learn more at: https://aka.ms/aks-update-managed-identities Default
Audit
Allowed
Audit, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Kubernetes e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Enforce container CPU and memory resource limits to prevent resource exhaustion attacks in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (9.0.0 > 9.0.1)
Kubernetes 098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Limit pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (6.0.0 > 6.0.1)
Kubernetes 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (7.0.0 > 7.0.1)
Regulatory Compliance f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption CMA_C1295 - Recover and reconstitute resources after any disruption Default
Manual
Allowed
Manual, Disabled
change
2022-10-21 16:42:13
Patch (1.1.0 > 1.1.1)
Kubernetes f4a8fce0-2dd5-4c21-9a36-8f0ec809d663 Kubernetes cluster pod FlexVolume volumes should only use allowed drivers Pod FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (5.0.0 > 5.0.1)
Kubernetes 65280eef-c8b4-425e-9aec-af55e55bf581 Kubernetes cluster should not use naked pods Block usage of naked Pods. Naked Pods will not be rescheduled in the event of a node failure. Pods should be managed by Deployment, Replicset, Daemonset or Jobs Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (2.0.0 > 2.0.1)
Kubernetes a27c700f-8a22-44ec-961c-41625264370b Kubernetes clusters should not use specific security capabilities Prevent specific security capabilities in Kubernetes clusters to prevent ungranted privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (5.0.0 > 5.0.1)
Update Management Center 59efceea-0c96-497e-a4a1-4eb2290dac15 [Preview]: Configure periodic checking for missing system updates on azure virtual machines Configure auto-assessment (every 24 hours) for OS updates on native Azure virtual machines. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode. Fixed
modify
count: 001
Virtual Machine Contributor
change
2022-10-21 16:42:13
Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
Kubernetes 993c2fcd-2b29-49d2-9eb0-df2c3a730c32 Azure Kubernetes Service Clusters should have local authentication methods disabled Disabling local authentication methods improves security by ensuring that Azure Kubernetes Service Clusters should exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aks-disable-local-accounts. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Kubernetes 82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Restrict pod access to the host network and the allowable host port range in a Kubernetes cluster. This recommendation is part of CIS 5.2.4 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (6.0.0 > 6.0.1)
Regulatory Compliance f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state CMA_C1297 - Restore resources to operational state Default
Manual
Allowed
Manual, Disabled
change
2022-10-21 16:42:13
Patch (1.1.0 > 1.1.1)
Kubernetes 975ce327-682c-4f2e-aa46-b9598289b86c Kubernetes cluster containers should only use allowed seccomp profiles Pod containers can only use allowed seccomp profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (7.0.0 > 7.0.1)
Regulatory Compliance 62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices CMA_C1649 - Explicitly notify use of collaborative computing devices Default
Manual
Allowed
Manual, Disabled
change
2022-10-21 16:42:13
Patch (1.1.0 > 1.1.1)
Monitoring 8a04f872-51e9-4313-97fb-fc1c3543011c Azure Application Gateway should have Resource logs enabled Enable Resource logs for Azure Application Gateway (plus WAF) and stream to a Log Analytics workspace. Get detailed visibility into inbound web traffic and actions taken to mitigate attacks. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-21 16:42:13
8a04f872-51e9-4313-97fb-fc1c3543011c
Kubernetes f85eb0dd-92ee-40e9-8a76-db25a507d6d3 Kubernetes cluster containers should only use allowed ProcMountType Pod containers can only use allowed ProcMountTypes in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (8.0.0 > 8.0.1)
Kubernetes 1ddac26b-ed48-4c30-8cc5-3a68c79b8001 Kubernetes clusters should not allow endpoint edit permissions of ClusterRole/system:aggregate-to-edit ClusterRole/system:aggregate-to-edit should not allow endpoint edit permissions due to CVE-2021-25740, Endpoint & EndpointSlice permissions allow cross-Namespace forwarding, https://github.com/kubernetes/kubernetes/issues/103675. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
Audit, Disabled
change
2022-10-21 16:42:13
Patch (3.0.0 > 3.0.1)
Monitoring 2fea0c12-e7d4-4e03-b7bf-c34b2b8d787d [Preview]: Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-10-21 16:42:13
Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
Kubernetes b81f454c-eebb-4e4f-9dfe-dca060e8a8fd [Preview]: Kubernetes clusters should restrict creation of given resource type Given Kubernetes resource type should not be deployed in certain namespace. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch, suffix remains equal (2.1.0-preview > 2.1.1-preview)
Kubernetes febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Use images from trusted registries to reduce the Kubernetes cluster's exposure risk to unknown vulnerabilities, security issues and malicious images. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (9.0.0 > 9.0.1)
Kubernetes a2abc456-f0ae-464b-bd3a-07a3cdbd7fb1 Kubernetes cluster Windows containers should not overcommit cpu and memory Windows container resource requests should be less or equal to the resource limit or unspecified to avoid overcommit. If Windows memory is over-provisioned it will process pages in disk - which can slow down performance - instead of terminating the container with out-of-memory Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (2.0.0 > 2.0.1)
Kubernetes 56d0a13f-712f-466b-8416-56fb354fb823 Kubernetes cluster containers should not use forbidden sysctl interfaces Containers should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (7.0.0 > 7.0.1)
Monitoring 8a04f872-51e9-4313-97fb-fc1c35430fd8 Azure Front Door should have Resource logs enabled Enable Resource logs for Azure Front Door (plus WAF) and stream to a Log Analytics workspace. Get detailed visibility into inbound web traffic and actions taken to mitigate attacks. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-21 16:42:13
8a04f872-51e9-4313-97fb-fc1c35430fd8
Kubernetes 57dde185-5c62-4063-b965-afbb201e9c1c Kubernetes cluster Windows containers should only run with approved user and domain user group Control the user that Windows pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies on Windows nodes which are intended to improve the security of your Kubernetes environments. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (2.0.0 > 2.0.1)
Automanage 270610db-8c04-438a-a739-e8e6745b22d3 [Deprecated]: Configure virtual machines to be onboarded to Azure Automanage Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage to your selected scope. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
change
2022-10-21 16:42:13
Patch, suffix changed: new suffix: deprecated; old suffix: version (4.1.0-version-deprecated > 4.1.1-deprecated)
Kubernetes 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Regulatory Compliance a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities CMA_C1108 - Configure Azure Audit capabilities Default
Manual
Allowed
Manual, Disabled
change
2022-10-21 16:42:13
Patch (1.1.0 > 1.1.1)
Kubernetes 13cd7ae3-5bc0-4ac4-a62d-4f7c120b9759 [Preview]: Kubernetes clusters should gate deployment of vulnerable images Protect your Kubernetes clusters and container workloads from potential threats by restricting deployment of container images with vulnerable software components. Use Azure Defender CI/CD scanning (https://aka.ms/AzureDefenderCICDscanning) and Azure defender for container registries (https://aka.ms/AzureDefenderForContainerRegistries) to identify and patch vulnerabilities prior to deployment. Evaluation prerequisite: Policy Addon and Azure Defender Profile. Only applicable for private preview customers. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch, suffix remains equal (2.0.0-preview > 2.0.1-preview)
Storage 59759c62-9a22-4cdf-ae64-074495983fef Configure diagnostic settings for Storage Accounts to Log Analytics workspace Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-10-21 16:42:13
Major (3.0.0 > 4.0.0)
Kubernetes f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Control the user, primary group, supplemental group and file system group IDs that pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (6.0.0 > 6.0.1)
Kubernetes 36a27de4-199b-40fb-b336-945a8475d6c5 Configure AAD integrated Azure Kubernetes Service Clusters with required Admin Group Access Ensure to improve cluster security by centrally govern Administrator access to Azure Active Directory integrated AKS clusters. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Azure Kubernetes Service Contributor Role
Azure Kubernetes Service Policy Add-on Deployment
change
2022-10-21 16:42:13
Patch (2.0.0 > 2.0.1)
Kubernetes 9a5f4e39-e427-4d5d-ae73-93db00328bec Kubernetes resources should have required annotations Ensure that required annotations are attached on a given Kubernetes resource kind for improved resource management of your Kubernetes resources. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (3.0.0 > 3.0.1)
Kubernetes d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Use allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (5.0.0 > 5.0.1)
Kubernetes 95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (9.0.0 > 9.0.1)
Kubernetes 89f2d532-c53c-4f8f-9afa-4927b1114a0d Azure Kubernetes Service Clusters should disable Command Invoke Disabling command invoke can enhance the security by avoiding bypass of restricted network access or Kubernetes role-based access control Default
Audit
Allowed
Audit, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Kubernetes b1a9997f-2883-4f12-bdff-2280f99b5915 Ensure cluster containers have readiness or liveness probes configured This policy enforces that all pods have a readiness and/or liveness probes configured. Probe Types can be any of tcpSocket, httpGet and exec. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (3.0.0 > 3.0.1)
Kubernetes 41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host To enhance data security, the data stored on the virtual machine (VM) host of your Azure Kubernetes Service nodes VMs should be encrypted at rest. This is a common requirement in many regulatory and industry compliance standards. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Automanage f889cab7-da27-4c41-a3b0-de1f6f87c550 Configure virtual machines to be onboarded to Azure Automanage Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage to your selected scope. Default
DeployIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled
count: 001
Contributor
change
2022-10-21 16:42:13
Minor (2.2.0 > 2.3.0)
Storage 2fb86bf3-d221-43d1-96d1-2434af34eaa0 Configure diagnostic settings for Table Services to Log Analytics workspace Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any table Service which is missing these diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-10-21 16:42:13
Major (3.0.0 > 4.0.0)
Storage 25a70cc8-2bd4-47f1-90b6-1478e4662c96 Configure diagnostic settings for File Services to Log Analytics workspace Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing these diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-10-21 16:42:13
Major (3.0.0 > 4.0.0)
Kubernetes 16697877-1118-4fb1-9b65-9898ec2509ec Kubernetes cluster pods should only use allowed volume types Pods can only use allowed volume types in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (5.0.0 > 5.0.1)
Kubernetes 46592696-4c7b-4bf3-9e45-6c2763bdc0a6 Kubernetes cluster pods should use specified labels Use specified labels to identify the pods in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (7.0.0 > 7.0.1)
Storage 7bd000e3-37c7-4928-9f31-86c4b77c5c45 Configure diagnostic settings for Queue Services to Log Analytics workspace Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any queue Service which is missing these diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-10-21 16:42:13
Major (3.0.0 > 4.0.0)
Kubernetes 450d2877-ebea-41e8-b00c-e286317d21bf Azure Kubernetes Service Clusters should enable Azure Active Directory integration AKS-managed Azure Active Directory integration can manage the access to the clusters by configuring Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Learn more at: https://aka.ms/aks-managed-aad. Default
Audit
Allowed
Audit, Disabled
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Kubernetes c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Restrict the capabilities to reduce the attack surface of containers in a Kubernetes cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (6.0.0 > 6.0.1)
Kubernetes 233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Restrict services to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (8.0.0 > 8.0.1)
Kubernetes df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Run containers with a read only root file system to protect from changes at run-time with malicious binaries being added to PATH in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (6.0.0 > 6.0.1)
Monitoring 765266ab-e40e-4c61-bcb2-5a5275d0b7c0 Deploy Dependency agent for Linux virtual machine scale sets Deploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to all the virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. Fixed
deployIfNotExists
count: 001
Virtual Machine Contributor
change
2022-10-21 16:42:13
Major (4.0.0 > 5.0.0)
Kubernetes 50c83470-d2f0-4dda-a716-1938a4825f62 Kubernetes cluster containers should only use allowed pull policy Restrict containers' pull policy to enforce containers to use only allowed images on deployments Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-21 16:42:13
Patch (3.0.0 > 3.0.1)
Regulatory Compliance 22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls CMA_C1576 - Obtain design and implementation information for the security controls Default
Manual
Allowed
Manual, Disabled
change
2022-10-21 16:42:13
Patch (1.1.0 > 1.1.1)
Kubernetes 423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Disable automounting API credentials to prevent a potentially compromised Pod resource from running API commands against Kubernetes clusters. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (4.0.0 > 4.0.1)
SQL fd2d1a6e-6d95-4df2-ad00-504bf0273406 Configure Arc-enabled machines running SQL Server to have SQL Server extension installed. To ensure that SQL Server - Azure Arc resources are created by default when SQL Server instance is found on Azure Arc enabled Windows/Linux Server, the latter should have SQL Server extension installed Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
User Access Administrator
change
2022-10-21 16:42:13
Minor (3.0.0 > 3.1.0)
Kubernetes 1b708b0a-3380-40e9-8b79-821f9fa224cc Disable Command Invoke on Azure Kubernetes Service clusters Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Azure Kubernetes Service Contributor Role
Azure Kubernetes Service Policy Add-on Deployment
change
2022-10-21 16:42:13
Patch (1.0.0 > 1.0.1)
Kubernetes 9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (4.0.0 > 4.0.1)
Kubernetes 511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Containers should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-10-21 16:42:13
Patch (6.0.0 > 6.0.1)
App Service 2d048aca-6479-4923-88f5-e2ac295d9af3 App Service Environment apps should not be reachable over public internet To ensure apps deployed in an App Service Environment are not accessible over public internet, one should deploy App Service Environment with an IP address in virtual network. To set the IP address to a virtual network IP, the App Service Environment must be deployed with an internal load balancer. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-14 16:34:37
Major (2.0.0 > 3.0.0)
Guest Configuration 63594bb8-43bb-4bf0-bbf8-c67e5c28cb65 [Preview]: Linux machines should meet STIG compliance requirement for Azure compute Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not configured correctly for one of the recommendations in STIG compliance requirement for Azure compute. DISA (Defense Information Systems Agency) provides technical guides STIG (Security Technical Implementation Guide) to secure compute OS as required by Department of Defense (DoD). For more details, see https://public.cyber.mil/stigs/. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-14 16:34:37
63594bb8-43bb-4bf0-bbf8-c67e5c28cb65
Azure Arc 55c4db33-97b0-437b-8469-c4f4498f5df9 Configure Azure Arc Private Link Scopes to use private DNS zones Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to Azure Arc Private Link Scopes. Learn more at: https://aka.ms/arc/privatelink. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Network Contributor
change
2022-10-07 16:34:28
Minor (1.0.0 > 1.2.0)
Azure Arc d6eeba80-df61-4de5-8772-bc1b7852ba6b Configure Azure Arc Private Link Scopes with private endpoints Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. By mapping private endpoints to Azure Arc Private Link Scopes, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/arc/privatelink. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 003
Azure Connected Machine Resource Administrator
Kubernetes Cluster - Azure Arc Onboarding
Network Contributor
change
2022-10-07 16:34:28
Major (1.0.0 > 2.0.0)
App Service 8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Use the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-10-07 16:34:28
Major (3.0.0 > 4.0.0)
App Service 1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0 Configure Function apps to use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
change
2022-10-07 16:34:28
Patch (1.0.0 > 1.0.1)
App Service deb528de-8f89-4101-881c-595899253102 Function app slots should use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
deb528de-8f89-4101-881c-595899253102
App Service ab9ca4fc-5d29-4c62-bbad-018df1f5f0dd App Service app slots should enable outbound non-RFC 1918 traffic to Azure Virtual Network By default, if one uses regional Azure Virtual Network (VNET) integration, the app only routes RFC1918 traffic into that respective virtual network. Using the API to set 'vnetRouteAllEnabled' to true enables all outbound traffic into the Azure Virtual Network. This setting allows features like network security groups and user defined routes to be used for all outbound traffic from the App Service app. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
ab9ca4fc-5d29-4c62-bbad-018df1f5f0dd
App Service 2374605e-3e0b-492b-9046-229af202562c Configure App Service apps to disable public network access Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
2374605e-3e0b-492b-9046-229af202562c
App Service c6c3e00e-d414-4ca4-914f-406699bb8eee Configure App Service app slots to disable public network access Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
c6c3e00e-d414-4ca4-914f-406699bb8eee
App Service cca5adfe-626b-4cc6-8522-f5b6ed2391bd Configure App Service app slots to turn off remote debugging Remote debugging requires inbound ports to be opened on an App Service app. Remote debugging should be turned off. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
cca5adfe-626b-4cc6-8522-f5b6ed2391bd
App Service 4ee5b817-627a-435a-8932-116193268172 App Service app slots should use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
4ee5b817-627a-435a-8932-116193268172
App Service 969ac98b-88a8-449f-883c-2e9adb123127 Function apps should disable public network access Disabling public network access improves security by ensuring that the Function app is not exposed on the public internet. Creating private endpoints can limit exposure of a Function App. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Audit
Allowed
Audit, Disabled, Deny
add
2022-10-07 16:34:28
969ac98b-88a8-449f-883c-2e9adb123127
App Service ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d Configure App Service apps to use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
change
2022-10-07 16:34:28
Patch (1.0.0 > 1.0.1)
App Service 014664e7-e348-41a3-aeb9-566e4ff6a9df Configure App Service app slots to use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
014664e7-e348-41a3-aeb9-566e4ff6a9df
App Service a08ae1ab-8d1d-422b-a123-df82b307ba61 App Service app slots should have remote debugging turned off Remote debugging requires inbound ports to be opened on an App Service app. Remote debugging should be turned off. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
a08ae1ab-8d1d-422b-a123-df82b307ba61
Monitoring 2fea0c12-e7d4-4e03-b7bf-c34b2b8d787d [Preview]: Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to all the virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-10-07 16:34:28
Major, suffix remains equal (1.1.1-preview > 2.0.0-preview)
Azure Arc 12e7176a-4919-47ef-922b-34eda4c7f0ce Azure Arc-enabled kubernetes clusters should be configured with an Azure Arc Private Link Scope Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping Azure Arc-enabled servers to an Azure Arc Private Link Scope that is configured with a private endpoint, data leakage risks are reduced. Learn more about private links at: https://aka.ms/arc/privatelink. Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-10-07 16:34:28
12e7176a-4919-47ef-922b-34eda4c7f0ce
App Service e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Use the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-10-07 16:34:28
Major (3.0.0 > 4.0.0)
App Service 0f98368e-36bc-4716-8ac2-8f8067203b63 Configure App Service apps to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
change
2022-10-07 16:34:28
Major (1.0.0 > 2.0.0)
App Service f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-10-07 16:34:28
Patch (2.0.0 > 2.0.1)
App Service fa98f1b1-1f56-4179-9faf-93ad82f3458f Function app slots should use latest 'HTTP Version' Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Use the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
fa98f1b1-1f56-4179-9faf-93ad82f3458f
Synapse c3624673-d2ff-48e0-b28c-5de1c6767c3c Configure Synapse Workspaces to use only Azure Active Directory identities for authentication Azure Active Directory (AAD) only authentication methods improve security by ensuring that Synapse Workspaces exclusively require AAD identities for authentication. Learn more at: https://aka.ms/Synapse. Default
Modify
Allowed
Modify, Disabled
count: 001
Contributor
add
2022-10-07 16:34:28
c3624673-d2ff-48e0-b28c-5de1c6767c3c
Monitoring d55b81e1-984f-4a96-acab-fae204e3ca7f [Preview]: Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-10-07 16:34:28
Major, suffix remains equal (1.1.1-preview > 2.0.0-preview)
Kubernetes dbbdc317-9734-4dd8-9074-993b29c69008 Azure Kubernetes Clusters should enable Key Management Service (KMS) Use Key Management Service (KMS) to encrypt secret data at rest in etcd for Kubernetes cluster security. Learn more at: https://aka.ms/aks/kmsetcdencryption. Default
Audit
Allowed
Audit, Disabled
add
2022-10-07 16:34:28
dbbdc317-9734-4dd8-9074-993b29c69008
App Service 08cf2974-d178-48a0-b26d-f6b8e555748b Configure Function app slots to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
change
2022-10-07 16:34:28
Major (1.0.0 > 2.0.0)
App Service 70adbb40-e092-42d5-a6f8-71c540a5efdb Configure Function app slots to turn off remote debugging Remote debugging requires inbound ports to be opened on a Function app. Remote debugging should be turned off. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
70adbb40-e092-42d5-a6f8-71c540a5efdb
Synapse cb3738a6-82a2-4a18-b87b-15217b9deff4 Azure Synapse Workspace SQL Server should be running TLS version 1.2 or newer Setting TLS version to 1.2 or newer improves security by ensuring your Azure Synapse workspace SQL server can only be accessed from clients using TLS 1.2 or newer. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-07 16:34:28
Minor (1.0.0 > 1.1.0)
App Service d639b3af-a535-4bef-8dcf-15078cddf5e2 App Service app slots should have resource logs enabled Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
d639b3af-a535-4bef-8dcf-15078cddf5e2
App Service 63a0ac64-5d5f-4569-8a3d-df67cc1ce9d7 [Deprecated]: App Services should disable public network access Disabling public network access improves security by ensuring that the App Service is not exposed on the public internet. Creating private endpoints can limit exposure of an App Service. Learn more at: https://aka.ms/app-service-private-endpoint. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-10-07 16:34:28
Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated)
App Service 4a15c15f-90d5-4a1f-8b63-2903944963fd App Service app slots should use managed identity Use a managed identity for enhanced authentication security Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
4a15c15f-90d5-4a1f-8b63-2903944963fd
App Service 546fe8d2-368d-4029-a418-6af48a7f61e5 App Service apps should use a SKU that supports private link With supported SKUs, Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to apps, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/private-link. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-10-07 16:34:28
Patch (4.0.0 > 4.0.1)
App Service 701a595d-38fb-4a66-ae6d-fb3735217622 App Service app slots should disable public network access Disabling public network access improves security by ensuring that the App Service is not exposed on the public internet. Creating private endpoints can limit exposure of an App Service. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Audit
Allowed
Audit, Disabled, Deny
add
2022-10-07 16:34:28
701a595d-38fb-4a66-ae6d-fb3735217622
App Service ae1b9a8c-dfce-4605-bd91-69213b4a26fc App Service app slots should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
change
2022-10-07 16:34:28
Major (1.0.0 > 2.0.0)
App Service 81dff7c0-4020-4b58-955d-c076a2136b56 [Deprecated]: Configure App Services to disable public network access Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
change
2022-10-07 16:34:28
Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated)
App Service a18c77f2-3d6d-497a-9f61-849a7e8a3b79 Configure App Service app slots to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
change
2022-10-07 16:34:28
Major (1.0.0 > 2.0.0)
App Service f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-10-07 16:34:28
Patch (2.0.0 > 2.0.1)
App Service a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
change
2022-10-07 16:34:28
Major (3.0.0 > 4.0.0)
App Service 89691ef9-8c50-49a8-8950-9c7fba41699e Function app slots should have remote debugging turned off Remote debugging requires inbound ports to be opened on Function apps. Remote debugging should be turned off. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
89691ef9-8c50-49a8-8950-9c7fba41699e
Health Data Services workspace 64528841-2f92-43f6-a137-d52e5c3dbeac Azure Health Data Services workspace should use private link Health Data Services workspace should have at least one approved private endpoint connection. Clients in a virtual network can securely access resources that have private endpoint connections through private links. For more information, visit: https://aka.ms/healthcareapisprivatelink. Default
Audit
Allowed
Audit, Disabled
add
2022-10-07 16:34:28
64528841-2f92-43f6-a137-d52e5c3dbeac
App Service a096cbd0-4693-432f-9374-682f485f23f3 Configure Function apps to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
change
2022-10-07 16:34:28
Major (1.0.0 > 2.0.0)
App Service 1b5ef780-c53c-4a64-87f3-bb9c8c8094ba App Service apps should disable public network access Disabling public network access improves security by ensuring that the App Service is not exposed on the public internet. Creating private endpoints can limit exposure of an App Service. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Audit
Allowed
Audit, Disabled, Deny
add
2022-10-07 16:34:28
1b5ef780-c53c-4a64-87f3-bb9c8c8094ba
Synapse 2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Azure Active Directory identities for authentication Azure Active Directory (AAD) only authentication methods improve security by ensuring that Synapse Workspaces exclusively require AAD identities for authentication. Learn more at: https://aka.ms/Synapse. Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-10-07 16:34:28
2158ddbe-fefa-408e-b43f-d4faef8ff3b8
App Service 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
change
2022-10-07 16:34:28
Major (4.0.0 > 5.0.0)
App Service 11c82d0c-db9f-4d7b-97c5-f3f9aa957da2 Function app slots should disable public network access Disabling public network access improves security by ensuring that the Function app is not exposed on the public internet. Creating private endpoints can limit exposure of a Function App. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Audit
Allowed
Audit, Disabled, Deny
add
2022-10-07 16:34:28
11c82d0c-db9f-4d7b-97c5-f3f9aa957da2
App Service fa3a6357-c6d6-4120-8429-855577ec0063 Configure Function app slots to use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, to include additional functionality, or to enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
fa3a6357-c6d6-4120-8429-855577ec0063
Synapse 8b5c654c-fb07-471b-aa8f-15fea733f140 Configure Azure Synapse Workspace Dedicated SQL minimum TLS version Customers can raise or lower the minimal TLS version using the API, for both new Synapse workspaces and existing workspaces. This way, users who need to use a lower client version in the workspaces can connect, while users who have a security requirement can raise the minimum TLS version. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/connectivity-settings. Default
Modify
Allowed
Modify, Disabled
count: 001
Contributor
change
2022-10-07 16:34:28
Minor (1.0.0 > 1.1.0)
App Service 242222f3-4985-4e99-b5ef-086d6a6cb01c Configure Function app slots to disable public network access Disable public network access for your Function apps so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
242222f3-4985-4e99-b5ef-086d6a6cb01c
App Service 5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71 Function app slots should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
change
2022-10-07 16:34:28
Major (1.0.0 > 2.0.0)
SQL fd2d1a6e-6d95-4df2-ad00-504bf0273406 Configure Arc-enabled machines running SQL Server to have SQL Server extension installed. To ensure that SQL Server - Azure Arc resources are created by default when SQL Server instance is found on Azure Arc enabled Windows/Linux Server, the latter should have SQL Server extension installed Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
User Access Administrator
change
2022-10-07 16:34:28
Major (2.1.0 > 3.0.0)
App Service 4dcfb8b5-05cd-4090-a931-2ec29057e1fc App Service app slots should use latest 'HTTP Version' Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Use the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-10-07 16:34:28
4dcfb8b5-05cd-4090-a931-2ec29057e1fc
Azure Arc 4002015b-1272-4dfb-8943-fed4aeec39b6 Configure Azure Arc-enabled Kubernetes clusters to use an Azure Arc Private Link Scope Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping Azure Arc-enabled servers to an Azure Arc Private Link Scope that is configured with a private endpoint, data leakage risks are reduced. Learn more about private links at: https://aka.ms/arc/privatelink. Default
Modify
Allowed
Modify, Disabled
count: 001
Kubernetes Cluster - Azure Arc Onboarding
add
2022-10-07 16:34:28
4002015b-1272-4dfb-8943-fed4aeec39b6
App Service cd794351-e536-40f4-9750-503a463d8cad Configure Function apps to disable public network access Disable public network access for your Function apps so that they are not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-10-07 16:34:28
cd794351-e536-40f4-9750-503a463d8cad
Monitoring 7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting Audit diagnostic setting for selected resource types Fixed
AuditIfNotExists
change
2022-10-05 16:36:28
Major (1.1.0 > 2.0.0)
Security Center e8794316-d918-4565-b57d-6b38a06381a0 [Preview]: Azure Security agent should be installed on your Linux virtual machines Install the Azure Security agent on your Linux virtual machines in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can be seen and managed in Azure Security Center. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-30 16:34:23
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Synapse cfaf0007-99c7-4b01-b36b-4048872ac978 Azure Synapse Analytics dedicated SQL pools should enable encryption Enable transparent data encryption for Azure Synapse Analytics dedicated SQL pools to protect data-at-rest and meet compliance requirements. Please note that enabling transparent data encryption for the pool may impact query performance. For more details, refer to https://go.microsoft.com/fwlink/?linkid=2147714 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-30 16:34:23
cfaf0007-99c7-4b01-b36b-4048872ac978
Security Center 5f8eb305-9c9f-4abe-9bb0-df220d9faba2 [Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent Configure supported Linux virtual machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-30 16:34:23
Major, suffix remains equal (6.0.0-preview > 7.0.0-preview)
Security Center 1537496a-b1e8-482b-a06a-1cc2415cdc7b [Preview]: Configure supported Windows machines to automatically install the Azure Security agent Configure supported Windows machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-30 16:34:23
Major, suffix remains equal (4.0.0-preview > 5.0.0-preview)
Security Center 6654c8c4-e6f8-43f8-8869-54327af7ce32 [Preview]: Configure supported Linux virtual machine scale sets to automatically install the Azure Security agent Configure supported Linux virtual machine scale sets to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-30 16:34:23
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Guest Configuration 3dc5edcd-002d-444c-b216-e123bbfa37c0 [Preview]: Windows machines should encrypt temp disks, caches, and data flows between Compute and Storage resources. Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Use Azure Disk Encryption or Encryption At Host to protect your virtual machine's OS and data disks, temp disks, data caches and any data flowing between compute and storage. To learn more about different disk encryption offerings, see https://aka.ms/diskencryptioncomparison. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-30 16:34:23
3dc5edcd-002d-444c-b216-e123bbfa37c0
Security Center 62b52eae-c795-44e3-94e8-1b3d264766fb [Preview]: Azure Security agent should be installed on your Linux virtual machine scale sets Install the Azure Security agent on your Linux virtual machine scale sets in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can be seen and managed in Azure Security Center. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-30 16:34:23
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Guest Configuration ca88aadc-6e2b-416c-9de2-5a0f01d1693f [Preview]: Linux machines should encrypt temp disks, caches, and data flows between Compute and Storage resources. Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Use Azure Disk Encryption or Encryption At Host to protect your virtual machine's OS and data disks, temp disks, data caches and any data flowing between compute and storage. To learn more about different disk encryption offerings, see https://aka.ms/diskencryptioncomparison. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-30 16:34:23
ca88aadc-6e2b-416c-9de2-5a0f01d1693f
Security Center e16f967a-aa57-4f5e-89cd-8d1434d0a29a [Preview]: Azure Security agent should be installed on your Windows virtual machine scale sets Install the Azure Security agent on your Windows virtual machine scale sets in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can be seen and managed in Azure Security Center. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-30 16:34:23
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Security Center 808a7dc4-49f2-4e7b-af75-d14e561c244a [Preview]: Configure supported Windows virtual machine scale sets to automatically install the Azure Security agent Configure supported Windows virtual machine scale sets to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target Windows virtual machine scale sets must be in a supported location. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-30 16:34:23
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Security Center bb2c6c6d-14bc-4443-bef3-c6be0adc6076 [Preview]: Azure Security agent should be installed on your Windows virtual machines Install the Azure Security agent on your Windows virtual machines in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can be seen and managed in Azure Security Center. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-30 16:34:23
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Regulatory Compliance 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized CMA_C1159 - Ensure resources are authorized Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes CMA_0267 - Establish authenticator types and processes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training CMA_C1260 - Incorporate simulated contingency training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing CMA_C1590 - Obtain approvals for acquisitions and outsourcing Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation CMA_C1563 - Establish a discrete line item in budgeting documentation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program CMA_0260 - Establish a threat intelligence program Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate CMA_0483 - Revoke privileged roles as appropriate Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators CMA_C1343 - Enforce expiration of cached authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system CMA_0338 - Install an alarm system Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements CMA_C1561 - Allocate resources in determining information system requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures CMA_0457 - Review access control policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return CMA_C1183 - Ensure security safeguards not needed when the individuals return Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency CMA_C1512 - Rescreen individuals at a defined frequency Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 Publish access procedures in SORNs CMA_C1848 - Publish access procedures in SORNs Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities CMA_C1097 - Provide role-based training on suspicious activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity CMA_0356 - Manage availability and capacity Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures CMA_0143 - Develop acceptable use policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria CMA_C1492 - Develop SSP that meets criteria Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties CMA_0204 - Document separation of duties Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources CMA_C1734 - Ensure capital planning and investment requests include necessary resources Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV CMA_C1579 - Employ FIPS 201-approved technology for PIV Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII CMA_C1827 - Document process to ensure integrity of PII Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information CMA_0253 - Eradicate contaminated information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators CMA_C1305 - Require use of individual authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts CMA_C1025 - Report atypical behavior of user accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups CMA_0359 - Manage contacts for authorities and special interest groups Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes CMA_C1596 - Require developers to implement only approved changes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures CMA_C1299 - Review and update identification and authentication policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers CMA_0018 - Assign system identifiers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys CMA_0445 - Restrict access to private keys Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report CMA_C1146 - Produce Security Assessment report Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center 6074e9a3-c711-4856-976d-24d51f9e065b [Preview]: Configure supported Linux virtual machines to automatically install the Guest Attestation extension Configure supported Linux virtual machines to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-27 16:35:32
Major, suffix remains equal (6.0.0-preview > 7.0.0-preview)
Regulatory Compliance aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan CMA_C1244 - Develop contingency plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion CMA_0379 - Monitor security and privacy training completion Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center 1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Install Guest Attestation extension on supported virtual machines to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Windows virtual machines. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-27 16:35:32
Major, suffix remains equal (3.0.0-preview > 4.0.0-preview)
Monitoring 383c45fa-8b64-4d1c-aa9f-e69d2d879aa4 The legacy Log Analytics extension should not be installed on Linux virtual machine scale sets Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Linux virtual machine scale sets. Learn more: https://aka.ms/migratetoAMA Default
Audit
Allowed
Deny, Audit, Disabled
add
2022-09-27 16:35:32
383c45fa-8b64-4d1c-aa9f-e69d2d879aa4
Regulatory Compliance 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment CMA_0388 - Perform a risk assessment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center 672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Install Guest Attestation extension on supported Linux virtual machines to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Linux virtual machines. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-27 16:35:32
Major, suffix remains equal (5.0.0-preview > 6.0.0-preview)
Regulatory Compliance e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer CMA_0424 - Reevaluate access upon personnel transfer Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities CMA_C1108 - Configure Azure Audit capabilities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes CMA_0155 - Develop business classification schemes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 79f081c7-1634-01a1-708e-376197999289 Review user accounts CMA_0480 - Review user accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements CMA_0271 - Establish electronic signature and certificate requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 964b340a-43a4-4798-2af5-7aedf6cb001b Collect PII directly from the individual CMA_C1822 - Collect PII directly from the individual Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials CMA_C1347 - Accept PIV credentials Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems CMA_0541 - Verify security controls for external information systems Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions CMA_C1254 - Resume all mission and business functions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures CMA_C1143 - Review security assessment and authorization policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials CMA_C1349 - Employ FICAM-approved resources to accept third-party credentials Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution CMA_C1602 - Require developers to produce evidence of security assessment plan execution Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records CMA_0351 - Maintain data breach records Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures CMA_C1427 - Review and update media protection policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system CMA_0354 - Manage a secure surveillance camera system Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message CMA_C1056 - Display an explicit logout message Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture CMA_C1504 - Review and update the information security architecture Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees CMA_0398 - Protect against and prevent data theft from departing employees Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training CMA_0413 - Provide information spillage training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards CMA_0161 - Develop security safeguards Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program CMA_0257 - Establish a privacy program Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures CMA_0162 - Develop spillage response procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed CMA_C1040 - Reassign or remove user privileges as needed Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments CMA_C1149 - Select additional testing for security control assessments Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state CMA_C1297 - Restore resources to operational state Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components CMA_0371 - Manage transfers between standby and active system components Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers CMA_0015 - Assign account managers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership CMA_0269 - Establish conditions for role membership Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery CMA_C1296 - Implement transaction based recovery Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b9d45adb-471b-56a5-64d2-5b241f126174 Automate privacy controls CMA_C1817 - Automate privacy controls Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs CMA_0460 - Review account provisioning logs Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements CMA_0148 - Develop and document application security requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes CMA_C1191 - Automate proposed documented changes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0e696f5a-451f-5c15-5532-044136538491 Protect audit information CMA_0401 - Protect audit information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality CMA_0493 - Separate user and information system management functionality Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer CMA_C1733 - Appoint a senior information security officer Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution CMA_0276 - Establish procedures for initial authenticator distribution Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool CMA_0311 - Implement an automated configuration management tool Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties CMA_0116 - Define access authorizations to support separation of duties Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data CMA_0466 - Review audit data Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service CMA_0305 - Implement a fault tolerant name/address service Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers CMA_C1376 - Establish relationship between incident response capability and external providers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access CMA_0212 - Employ least privilege access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session CMA_0421 - Reauthenticate or terminate a user session Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls CMA_C1576 - Obtain design and implementation information for the security controls Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access CMA_0418 - Provide security training before providing access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts CMA_C1009 - Notify Account Managers of customer controlled accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas CMA_0323 - Implement physical security for offices, working areas, and secure areas Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices CMA_C1632 - Prevent split tunneling for remote devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training CMA_C1090 - Provide updated security awareness training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions CMA_0333 - Initiate transfer or reassignment actions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines CMA_0190 - Document and implement wireless access guidelines Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability CMA_C1124 - Provide audit review, analysis, and reporting capability Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools CMA_C1610 - Review development process, standards and tools Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices CMA_0220 - Enable detection of network devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions CMA_C1203 - Enforce and audit access restrictions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls CMA_C1695 - Document wireless access security controls Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy CMA_0159 - Develop organization code of conduct policy Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 39999038-9ef1-602a-158c-ce2367185230 Define performance metrics CMA_0124 - Define performance metrics Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c3b3cc61-9c70-5d78-7f12-1aefcc477db7 Review security testing, training, and monitoring plans CMA_C1754 - Review security testing, training, and monitoring plans Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection CMA_0328 - Implement system boundary protection Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan CMA_0352 - Maintain incident response plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership CMA_0489 - Secure commitment from leadership Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results CMA_C1542 - Conduct risk assessment and document its results Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency CMA_C1709 - Perform security function verification at a defined frequency Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services CMA_0126 - Define requirements for supplying goods and services Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals CMA_0372 - Map authenticated identities to individuals Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management CMA_0123 - Define organizational requirements for cryptographic key management Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring CMA_C1168 - Employ independent assessors for continuous monitoring Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure CMA_0255 - Establish a data leakage management procedure Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination CMA_C1521 - Automate notification of employee termination Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers CMA_0278 - Establish requirements for internet service providers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures CMA_C1530 - Require third-party providers to comply with personnel security policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles CMA_C1350 - Conform to FICAM-issued profiles Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status CMA_0020 - Audit user account status Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands CMA_C1064 - Authorize remote access to privileged commands Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed CMA_C1689 - Provide monitoring information as needed Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals CMA_C1193 - Automate process to highlight unreviewed change proposals Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges CMA_C1207 - Review and reevaluate privileges Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module CMA_0021 - Authenticate to cryptographic module Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken CMA_C1365 - Identify classes of Incidents and Actions taken Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities CMA_C1555 - Implement privileged access for executing vulnerability scanning activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 75b9db50-7906-2351-98ae-0458218609e5 Retain accounting of disclosures of information CMA_C1819 - Retain accounting of disclosures of information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria CMA_0187 - Document acquisition contract acceptance criteria Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements CMA_0521 - Update rules of behavior and access agreements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events CMA_0472 - Review exploit protection events Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation CMA_0431 - Require approval for account creation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals CMA_0008 - Align business objectives and IT goals Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 27ab3ac0-910d-724d-0afa-1a2a01e996c0 Respond to rectification requests CMA_0442 - Respond to rectification requests Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives CMA_C1706 - Implement security directives Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications CMA_0449 - Restrict communications Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available CMA_C1867 - Ensure privacy program information is publicly available Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel CMA_C1420 - Maintain list of authorized remote maintenance personnel Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges CMA_0186 - Document access privileges Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Cosmos DB 9d83ccb1-f313-46ce-9d39-a198bfdb51a0 Azure Cosmos DB accounts should not exceed the maximum number of days allowed since last account key regeneration. Regenerate your keys in the specified time to keep your data more protected. Default
Audit
Allowed
Audit, Disabled
add
2022-09-27 16:35:32
9d83ccb1-f313-46ce-9d39-a198bfdb51a0
Regulatory Compliance 9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage CMA_0007 - Alert personnel of information spillage Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) CMA_0141 - Develop a concept of operations (CONOPS) Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements CMA_0487 - Satisfy token quality requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 10874318-0bf7-a41f-8463-03e395482080 Correlate audit records CMA_0087 - Correlate audit records Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation CMA_C1205 - Restrict unauthorized software and firmware installation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis CMA_C1120 - Integrate Audit record analysis Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records CMA_0535 - Use system clocks for audit records Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements CMA_C1151 - Require interconnection security agreements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing CMA_0540 - Verify personal data is deleted at the end of processing Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control CMA_0390 - Perform audit for configuration change control Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer CMA_0381 - Notify upon termination or transfer Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws CMA_0427 - Remediate information system flaws Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies CMA_C1652 - Establish usage restrictions for mobile code technologies Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services CMA_C1578 - Require developer to identify SDLC ports, protocols, and services Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site CMA_C1278 - Prepare alternate processing site for use as operational site Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills CMA_0346 - Isolate information spills Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments CMA_C1148 - Employ independent assessors to conduct security control assessments Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts CMA_0195 - Document protection of security information in acquisition contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data CMA_0455 - Retain terminated user data Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates CMA_0073 - Configure workstations to check for digital certificates Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan CMA_C1247 - Review contingency plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements CMA_0469 - Review cloud service provider's compliance with policies and agreements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications CMA_C1196 - Automate implementation of approved change notifications Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment CMA_0273 - Establish network segmentation for card holder data environment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture CMA_C1741 - Develop an enterprise architecture Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization CMA_0226 - Enable dual or joint authorization Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections CMA_0053 - Check for privacy and security compliance before establishing internal connections Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts CMA_C1044 - Enforce a limit of consecutive failed login attempts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process CMA_C1344 - Obscure feedback information during authentication process Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results CMA_C1147 - Deliver security assessment results Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities CMA_0507 - Support personal verification credentials issued by legal authorities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely CMA_C1528 - Ensure access agreements are signed or resigned timely Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes CMA_C1249 - Communicate contingency plan changes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls CMA_C1575 - Obtain functional properties of security controls Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources CMA_C1638 - Ensure system capable of dynamic isolation of resources Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CMA_0023 - Authorize and manage access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment CMA_C1543 - Conduct Risk Assessment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel CMA_C1705 - Disseminate security alerts to personnel Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information CMA_C1293 - Separately store backup information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities CMA_C1402 - Automate remote maintenance activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers CMA_C1591 - Identify external service providers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures CMA_0189 - Document and implement privacy complaint procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures CMA_C1352 - Review and update incident response policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls CMA_C1577 - Obtain continuous monitoring plan for security controls Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access CMA_C1066 - Provide capability to disconnect or disable remote access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures CMA_C1446 - Review and update physical and environmental policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training CMA_C1094 - Provide role-based security training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management CMA_0026 - Automate account management Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout CMA_C1661 - Invalidate session identifiers at logout Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys CMA_C1646 - Produce, control and distribute asymmetric cryptographic keys Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability CMA_C1367 - Implement Incident handling capability Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website CMA_C1829 - Publish Computer Matching Agreements on public website Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts CMA_0203 - Document security strength requirements in acquisition contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements CMA_0519 - Update interconnection security agreements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB CMA_0050 - Block untrusted and unsigned processes that run from USB Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators CMA_0184 - Distribute authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support CMA_C1425 - Provide timely maintenance support Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism CMA_0208 - Employ a media sanitization mechanism Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) CMA_C1158 - Assign an authorizing official (AO) Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans CMA_0393 - Perform vulnerability scans Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services CMA_C1593 - Restrict location of information processing, storage and services Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities CMA_0080 - Control maintenance and repair activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management CMA_0533 - Use privileged identity management Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information CMA_C1558 - Correlate Vulnerability scan information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process CMA_0115 - Define a physical key management process Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access CMA_0024 - Authorize remote access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness CMA_0250 - Enforce user uniqueness Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting CMA_0277 - Establish requirements for audit review and reporting Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes CMA_C1195 - Automate process to document implemented changes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions CMA_C1050 - Define and enforce the limit of concurrent sessions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination CMA_0169 - Disable authenticators upon termination Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight CMA_C1587 - Define and document government oversight Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements CMA_0122 - Define mobile device requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically CMA_0035 - Bind authenticators and identities dynamically Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity CMA_0542 - Verify software, firmware and information integrity Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity CMA_C1824 - Issue guidelines for ensuring data quality and integrity Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures CMA_0158 - Develop information security policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access CMA_0245 - Enforce logical access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse CMA_0355 - Manage authenticator lifetime and reuse Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data CMA_0353 - Maintain records of processing of personal data Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access CMA_0081 - Control physical access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers CMA_0290 - Govern compliance of cloud service providers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs CMA_C1750 - Determine information protection needs Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0461cacd-0b3b-4f66-11c5-81c9b19a3d22 Verify inaccurate or outdated PII CMA_C1823 - Verify inaccurate or outdated PII Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software CMA_C1237 - Restrict use of open source software Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination CMA_0058 - Conduct exit interview upon termination Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan CMA_C1732 - Protect the information security program plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records CMA_C1847 - Publish rules and regulations accessing Privacy Act records Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements CMA_C1529 - Establish third-party personnel security requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening CMA_0322 - Implement personnel screening Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices CMA_0296 - Identify and authenticate network devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts CMA_C1707 - Use automated mechanisms for security alerts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures CMA_C1491 - Review and update planning policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site CMA_C1271 - Identify and mitigate potential issues at alternate storage site Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII CMA_C1862 - Publish SORNs for systems containing PII Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures CMA_C1807 - Update privacy plan, policies, and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5226dee6-3420-711b-4709-8e675ebd828f Update information security policies CMA_0518 - Update information security policies Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization CMA_0495 - Set automated notifications for new and trending cloud applications in your organization Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways CMA_0363 - Manage gateways Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities CMA_C1422 - Designate personnel to supervise unauthorized maintenance activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands CMA_0056 - Conduct a full text analysis of logged privileged commands Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy CMA_C1744 - Implement the risk management strategy Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program CMA_C1751 - Implement an insider threat program Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues CMA_C1742 - Address information security issues Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions CMA_0280 - Establish voip usage restrictions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model CMA_0129 - Design an access control model Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Monitoring 1f6e93e8-6b31-41b1-83f6-36e449a42579 Deploy Diagnostic Settings for Event Hub to Log Analytics workspace Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-27 16:35:32
Major (1.1.0 > 2.0.0)
Regulatory Compliance 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards CMA_0272 - Establish firewall and router configuration standards Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information CMA_0303 - Identify spilled information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting CMA_C1123 - Adjust level of audit review, analysis, and reporting Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information CMA_C1122 - Specify permitted actions associated with customer audit information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 84245967-7882-54f6-2d34-85059f725b47 Establish an information security program CMA_0263 - Establish an information security program Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses CMA_0384 - Observe and report security weaknesses Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically CMA_C1054 - Terminate user session automatically Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises CMA_C1096 - Provide role-based practical exercises Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities CMA_C1266 - Evaluate alternate processing site capabilities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment CMA_0378 - Monitor privileged role assignment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities CMA_C1565 - Define information security roles and responsibilities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges CMA_C1041 - Enforce software execution privileges Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities CMA_C1747 - Designate individuals to fulfill specific roles and responsibilities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies CMA_C1651 - Define acceptable and unacceptable mobile code technologies Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring CMA_C1169 - Analyse data obtained from continuous monitoring Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions CMA_C1255 - Plan for continuance of essential business functions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources CMA_0293 - Govern the allocation of resources Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information CMA_C1818 - Keep accurate accounting of disclosures of information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory CMA_0096 - Create a data inventory Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts CMA_C1023 - Enforce appropriate usage of all accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years CMA_0522 - Update rules of behavior and access agreements every 3 years Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling CMA_0392 - Perform threat modeling Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan CMA_0509 - Test the business continuity and disaster recovery plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan CMA_C1231 - Develop configuration item identification plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution CMA_0514 - Turn on sensors for endpoint security solution Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information CMA_0206 - Document the legal basis for processing personal information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers CMA_0270 - Establish configuration management requirements for developers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6ab47bbf-867e-9113-7998-89b58f77326a Respond to complaints, concerns, or questions timely CMA_C1853 - Respond to complaints, concerns, or questions timely Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures CMA_0156 - Develop contingency planning policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities CMA_0198 - Document security and privacy training activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures CMA_C1175 - Review and update configuration management policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning CMA_C1252 - Conduct capacity planning Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations CMA_0153 - Develop and maintain baseline configurations Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M CMA_C1156 - Develop POA&M Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities CMA_0003 - Address coding vulnerabilities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing CMA_C1262 - Review the results of contingency plan testing Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results CMA_C1544 - Conduct risk assessment and distribute its results Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly CMA_0475 - Review malware detections report weekly Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis CMA_0057 - Conduct a security impact analysis Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy CMA_0258 - Establish a risk management strategy Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan CMA_0405 - Protect incident response plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting CMA_0339 - Integrate audit review, analysis, and reporting Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures CMA_C1616 - Review and update system and communications protection policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity CMA_0473 - Review file and folder activity Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7d70383a-32f4-a0c2-61cf-a134851968c2 Determine legal authority to collect PII CMA_C1800 - Determine legal authority to collect PII Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact CMA_C1597 - Require developers to document approved changes and potential impact Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements CMA_0520 - Update organizational access agreements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems CMA_0491 - Secure the interface to external systems Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources CMA_C1364 - Include dynamic reconfig of customer deployed resources Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities CMA_C1566 - Identify individuals with security roles and responsibilities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access CMA_0411 - Protect wireless access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved CMA_C1700 - Detect network services that have not been authorized or approved Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance de936662-13dc-204c-75ec-1af80f994088 Provide contingency training CMA_0412 - Provide contingency training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources CMA_C1076 - Establish terms and conditions for accessing resources Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions CMA_C1263 - Initiate contingency plan testing corrective actions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements CMA_C1531 - Document third-party personnel security requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use CMA_0120 - Define cryptographic use Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 015b4935-448a-8684-27c0-d13086356c33 Implement a threat awareness program CMA_C1758 - Implement a threat awareness program Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8bb40df9-23e4-4175-5db3-8dba86349b73 Confirm quality and integrity of PII CMA_C1821 - Confirm quality and integrity of PII Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection CMA_0332 - Information security and personal data protection Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site CMA_0262 - Establish an alternate processing site Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing CMA_0284 - Facilitate information sharing Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters CMA_C1029 - Information flow control using security policy filters Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points CMA_0484 - Route traffic through managed network access points Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CMA_0022 - Authorize access to security functions and information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization CMA_0376 - Monitor access across the organization Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers CMA_0321 - Implement parameters for memorized secret verifiers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected CMA_C1715 - Employ automatic shutdown/restart when violations are detected Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions CMA_C1708 - Verify security functions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan CMA_C1144 - Develop security assessment plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage CMA_C1235 - Track software license usage Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior CMA_0465 - Review and sign revised rules of behavior Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Monitoring bd58d393-162c-4134-bcd6-a6a5484a37a1 The legacy Log Analytics extension should not be installed on Azure Arc enabled Linux servers Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Azure Arc enabled Linux servers. Learn more: https://aka.ms/migratetoAMA Default
Audit
Allowed
Deny, Audit, Disabled
add
2022-09-27 16:35:32
bd58d393-162c-4134-bcd6-a6a5484a37a1
Regulatory Compliance 3153d9c0-2584-14d3-362d-578b01358aeb Retain training records CMA_0456 - Retain training records Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls CMA_C1145 - Assess Security Controls Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures CMA_0454 - Retain security policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information CMA_C1083 - Designate authorized personnel to post publicly accessible information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy CMA_0256 - Establish a password policy Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations CMA_0202 - Document security operations Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures CMA_C1560 - Review and update system and services acquisition policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity CMA_0377 - Monitor account activity Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment CMA_C1206 - Limit privileges to make changes in production environment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel CMA_0301 - Identify incident response personnel Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts CMA_0446 - Restrict access to privileged accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices CMA_0083 - Control use of portable storage devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights CMA_0432 - Require compliance with intellectual property rights Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures CMA_0268 - Establish backup policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures CMA_C1114 - Provide real-time alerts for audit event failures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers CMA_C1810 - Establish privacy requirements for contractors and service providers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly CMA_0476 - Review role group changes weekly Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location CMA_C1265 - Test contingency plan at an alternate processing location Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation CMA_C1580 - Obtain Admin documentation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information CMA_C1085 - Review content prior to posting publicly accessible information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip CMA_0025 - Authorize, monitor, and control voip Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges CMA_C1039 - Review user privileges Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes CMA_C1192 - Automate approval request for proposed changes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information CMA_C1086 - Review publicly accessible content for nonpublic information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center 98ea2fc7-6fc6-4fd1-9d8d-6331154da071 [Preview]: Configure supported Windows virtual machines to automatically install the Guest Attestation extension Configure supported Windows virtual machines to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-27 16:35:32
Major, suffix remains equal (4.0.0-preview > 5.0.0-preview)
Regulatory Compliance a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures CMA_0154 - Develop audit and accountability policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events CMA_0471 - Review controlled folder access events Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators CMA_C1340 - Ensure there are no unencrypted static authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC CMA_C1567 - Integrate risk management process into SDLC Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan CMA_0147 - Develop and document a DDoS response plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center c9b2ae08-09e2-4f0e-bb43-b60bf0135bdf [Preview]: Configure supported Windows virtual machine scale sets to automatically install the Guest Attestation extension Configure supported Windows virtual machines scale sets to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-27 16:35:32
Major, suffix remains equal (3.0.0-preview > 4.0.0-preview)
Regulatory Compliance 2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials CMA_C1348 - Accept only FICAM-approved third-party credentials Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems CMA_0325 - Implement security engineering principles of information systems Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required CMA_C1735 - Employ business case to record the resources required Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Install Guest Attestation extension on supported virtual machines scale sets to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Windows virtual machine scale sets. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-27 16:35:32
Major, suffix remains equal (2.0.0-preview > 3.0.0-preview)
Regulatory Compliance 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training CMA_C1356 - Incorporate simulated events into incident response training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators CMA_0538 - Verify identity before distributing authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems CMA_C1639 - Employ boundary protection to isolate information systems Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts CMA_0194 - Document protection of personal data in acquisition contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center 97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Enable Secure Boot on supported Windows virtual machines to mitigate against malicious and unauthorized changes to the boot chain. Once enabled, only trusted bootloaders, kernel and kernel drivers will be allowed to run. This assessment applies to Trusted Launch and Confidential Windows virtual machines. Default
Audit
Allowed
Audit, Disabled
change
2022-09-27 16:35:32
Major, suffix remains equal (3.0.0-preview > 4.0.0-preview)
Regulatory Compliance 518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training CMA_0415 - Provide privacy training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption CMA_C1295 - Recover and reconstitute resources after any disruption Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program CMA_C1752 - Establish information security workforce development and improvement program Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements CMA_0192 - Document organizational access agreements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information CMA_C1267 - Establish alternate storage site to store and retrieve backup information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services CMA_0416 - Provide secure name and address resolution services Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Install Guest Attestation extension on supported Linux virtual machines scale sets to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Linux virtual machine scale sets. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-27 16:35:32
Major, suffix remains equal (4.0.0-preview > 5.0.0-preview)
Regulatory Compliance 74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities CMA_C1403 - Produce complete records of remote maintenance activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization CMA_C1160 - Update the security authorization Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems CMA_C1746 - Manage security state of information systems Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site CMA_C1294 - Transfer backup information to an alternate storage site Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records CMA_C1126 - Provide capability to process customer-controlled audit records Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan CMA_0151 - Develop and establish a system security plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data CMA_0385 - Obtain consent prior to collection or processing of personal data Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices CMA_0396 - Prohibit unfair practices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process CMA_0317 - Implement formal sanctions process Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users CMA_C1346 - Identify and authenticate non-organizational users Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance CMA_C1417 - Perform all non-local maintenance Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities CMA_C1688 - Obtain legal opinion for monitoring system activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 CMA_C1106 - Review and update the events defined in AU-02 Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment CMA_0387 - Perform a privacy impact assessment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results CMA_C1150 - Accept assessment results Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption CMA_0408 - Protect passwords with encryption Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly CMA_C1865 - Make SORNs available publicly Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment CMA_C1357 - Employ automated training environment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets CMA_0125 - Define requirements for managing assets Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats CMA_0417 - Provide security awareness training for insider threats Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites CMA_C1269 - Create separate alternate and primary storage sites Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation CMA_C1674 - Measure the time between flaw identification and flaw remediation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel CMA_C1421 - Manage maintenance personnel Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process CMA_C1737 - Implement plans of action and milestones for security program process Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information CMA_C1084 - Train personnel on disclosure of nonpublic information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections CMA_C1155 - Employ restrictions on external system interconnections Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication CMA_0295 - Identify actions allowed without authentication Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices CMA_0279 - Establish security requirements for the manufacturing of connected devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures CMA_C1395 - Review and update system maintenance policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation CMA_C1584 - Distribute information system documentation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages CMA_C1725 - Reveal error messages Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy CMA_0188 - Document and distribute a privacy policy Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements CMA_0248 - Enforce rules of behavior and access agreements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks CMA_0486 - Run simulation attacks Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk CMA_C1026 - Disable user accounts posing a significant risk Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training CMA_C1611 - Require developers to provide training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices CMA_0062 - Configure actions for noncompliant devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology CMA_0306 - Implement a penetration testing methodology Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII CMA_C1833 - Remove or redact any PII Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system CMA_C1133 - Maintain integrity of audit system Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity CMA_C1595 - Require developers to manage change integrity Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview CMA_0468 - Review cloud identity report overview Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data CMA_0544 - View and configure system diagnostic data Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials CMA_C1022 - Terminate customer controlled account credentials Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist CMA_0068 - Configure detection whitelist Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings CMA_0249 - Enforce security configuration settings Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice CMA_0414 - Provide privacy notice Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements CMA_C1586 - Require external service providers to comply with security requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events CMA_0137 - Determine auditable events Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract CMA_0200 - Document security documentation requirements in acquisition contract Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers CMA_0247 - Enforce random unique session identifiers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use CMA_0450 - Restrict media use Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions CMA_0517 - Update antivirus definitions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review CMA_0391 - Perform disposition review Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control CMA_C1198 - Assign information security representative to change control Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective CMA_C1368 - Coordinate with external organizations to achieve cross org perspective Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan CMA_0146 - Develop and document a business continuity and disaster recovery plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites CMA_0315 - Implement controls to secure alternate work sites Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation CMA_C1583 - Protect administrator and user documentation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures CMA_C1243 - Review and update contingency planning policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access CMA_0382 - Notify users of system logon or access Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing CMA_0060 - Conduct incident response testing Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media CMA_0314 - Implement controls to secure all media Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators CMA_0425 - Refresh authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types CMA_0121 - Define information system account types Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events CMA_0013 - Assess information security events Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem CMA_0340 - Integrate cloud app security with a siem Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions CMA_C1253 - Plan for resumption of essential business functions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information CMA_0211 - Employ flow control mechanisms of encrypted information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection CMA_0238 - Enable network protection Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users CMA_0419 - Provide security training for new users Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures CMA_C1507 - Review and update personnel security policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CMA_0265 - Establish and document change control processes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling CMA_0318 - Implement incident handling Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods CMA_0324 - Implement privacy notice delivery methods Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality CMA_C1613 - Require developers to describe accurate security functionality Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts CMA_0201 - Document security functional requirements in acquisition contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan CMA_0264 - Establish and document a configuration management plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices CMA_C1649 - Explicitly notify use of collaborative computing devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals CMA_0492 - Separate duties of individuals Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies CMA_C1653 - Authorize, monitor, and control usage of mobile code technologies Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships CMA_0014 - Assess risk in third party relationships Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts CMA_0368 - Manage system and admin accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests CMA_C1710 - Notify personnel of any failed security verification tests Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CMA_0246 - Enforce mandatory and discretionary access control policies Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs CMA_C1181 - Retain previous versions of baseline configs Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components CMA_0300 - Identify contaminated systems and components Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed CMA_0383 - Notify when account is not needed Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory CMA_0266 - Establish and maintain an asset inventory Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties CMA_0422 - Record disclosures of PII to third parties Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan CMA_C1248 - Update contingency plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved CMA_C1540 - Ensure security categorization is approved Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans CMA_0086 - Coordinate contingency plans with related plans Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing CMA_0331 - Incorporate security and data privacy practices in research processing Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users CMA_C1316 - Identify status of individual users Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges CMA_0298 - Identify and manage downstream information exchanges Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise CMA_C1702 - Discover any indicators of compromise Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills CMA_0281 - Execute actions in response to information spills Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance CMA_C1533 - Monitor third-party provider compliance Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes CMA_C1194 - Automate process to prohibit implementation of unapproved changes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems CMA_C1636 - Isolate SecurID systems, Security Incident Management systems Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability CMA_C1055 - Provide the logout capability Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts CMA_0426 - Reissue authenticators for changed groups and accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests CMA_0319 - Implement methods for consumer requests Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals CMA_C1864 - Provide formal notice to individuals Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board CMA_0254 - Establish a configuration control board Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management CMA_0275 - Establish policies for supply chain risk management Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data CMA_0369 - Manage the input, output, processing, and storage of data Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages CMA_C1724 - Generate error messages Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts CMA_C1704 - Generate internal security alerts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 21832235-7a07-61f4-530d-d596f76e5b95 Implement security testing, training, and monitoring plans CMA_C1753 - Implement security testing, training, and monitoring plans Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information CMA_0052 - Categorize information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network CMA_C1633 - Route traffic through authenticated proxy network Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII CMA_C1839 - Implement controls to protect PII Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement CMA_0440 - Require users to sign access agreement Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation CMA_C1289 - Conduct backup of information system documentation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training CMA_0191 - Document mobility training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets CMA_0370 - Manage the transportation of assets Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach CMA_C1614 - Require developers to provide unified security protection approach Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts CMA_0205 - Document the information system environment in acquisition contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms CMA_0005 - Adopt biometric authentication mechanisms Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations CMA_0016 - Assign risk designations Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers CMA_C1592 - Ensure external providers consistently meet interests of the customers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption CMA_0403 - Protect data in transit using encryption Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture CMA_C1612 - Require developers to build security architecture Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d4f70530-19a2-2a85-6e0c-0c3c465e3325 Make accounting of disclosures available upon request CMA_C1820 - Make accounting of disclosures available upon request Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations CMA_0140 - Determine supplier contract obligations Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination CMA_C1532 - Require notification of third-party personnel transfer or termination Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit CMA_C1140 - Compile Audit records into system wide audit Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow CMA_0079 - Control information flow Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions CMA_0019 - Audit privileged functions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information CMA_C1644 - Maintain availability of information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators CMA_0329 - Implement training for protecting authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly CMA_0479 - Review threat protection status weekly Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training CMA_C1091 - Provide periodic security awareness training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices CMA_C1648 - Prohibit remote activation of collaborative computing devices Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training CMA_C1095 - Provide periodic role-based security training Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures CMA_0185 - Distribute policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources CMA_C1077 - Establish terms and conditions for processing resources Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines CMA_0196 - Document remote access guidelines Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered CMA_C1125 - Ensure audit records are not altered Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy CMA_C1017 - Define and enforce inactivity log policy Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions CMA_0380 - Notify personnel upon sanctions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures CMA_C1537 - Review and update risk assessment policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard CMA_0152 - Develop and maintain a vulnerability management standard Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources CMA_C1141 - Provide the capability to extend or limit auditing on customer-deployed resources Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities CMA_0364 - Manage nonlocal maintenance and diagnostic activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations CMA_C1270 - Establish alternate storage site that facilitates recovery operations Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts CMA_0117 - Define and enforce conditions for shared and group accounts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer CMA_0374 - Modify access authorizations upon personnel transfer Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements CMA_0193 - Document personnel acceptance of privacy requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes CMA_C1204 - Review changes for any unauthorized changes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation CMA_C1723 - Perform information input validation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics CMA_0474 - Review label activity and analytics Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state CMA_C1662 - Ensure information system fails in known state Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information CMA_0054 - Clear personnel with access to classified information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation CMA_0027 - Automate flaw remediation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures CMA_0292 - Govern policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection CMA_C1233 - Create configuration plan protection Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes CMA_C1665 - Maintain separate execution domains for running processes Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined CMA_0004 - Adhere to retention periods defined Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions CMA_0028 - Automate information sharing decisions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Monitoring d4b065e2-fbda-4461-a42c-b0346aeb12a0 The legacy Log Analytics extension should not be installed on Linux virtual machines Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Linux virtual machines. Learn more: https://aka.ms/migratetoAMA Default
Audit
Allowed
Deny, Audit, Disabled
add
2022-09-27 16:35:32
d4b065e2-fbda-4461-a42c-b0346aeb12a0
Regulatory Compliance d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information CMA_C1554 - Take action in response to customer information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators CMA_C1321 - Manage Authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys CMA_0367 - Manage symmetric cryptographic keys Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management CMA_C1199 - Ensure cryptographic mechanisms are under configuration management Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 5023a9e7-8e64-2db6-31dc-7bce27f796af Provide privacy notice to the public and to individuals CMA_C1861 - Provide privacy notice to the public and to individuals Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan CMA_0145 - Develop an incident response plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats CMA_0389 - Perform a trend analysis on threats Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation CMA_C1581 - Obtain user security function documentation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals CMA_C1182 - Not allow for information systems to accompany with individuals Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly CMA_0461 - Review administrator assignments weekly Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment CMA_0386 - Perform a business impact assessment and application criticality assessment Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements CMA_0136 - Determine assertion requirements Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review CMA_0515 - Undergo independent security review Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies CMA_C1711 - Create alternative actions for identified anomalies Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts CMA_0199 - Document security assurance requirements in acquisition contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers CMA_0274 - Establish parameters for searching secret authenticators and verifiers Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code CMA_C1717 - Prohibit binary/machine-executable code Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data CMA_0481 - Review user groups and applications with access to sensitive data Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures CMA_0144 - Develop access control policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items CMA_C1157 - Update POA&M items Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management CMA_C1671 - Incorporate flaw remediation into configuration management Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities CMA_0289 - Govern and monitor audit processing activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing CMA_C1171 - Employ independent team for penetration testing Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures CMA_C1667 - Review and update information integrity policies and procedures Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site CMA_C1268 - Ensure alternate storage site safeguards are equivalent to primary site Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly CMA_C1832 - Evaluate and review PII holdings regularly Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service CMA_C1626 - Implement managed interface for each external service Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions CMA_C1582 - Document customer-defined actions Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation CMA_C1675 - Establish benchmarks for flaw remediation Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences CMA_C1871 - Train staff on PII sharing and its consequences Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan CMA_C1232 - Develop configuration management plan Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting CMA_0209 - Employ automatic emergency lighting Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates CMA_0347 - Issue public key certificates Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys CMA_C1645 - Produce, control and distribute symmetric cryptographic keys Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users CMA_0545 - View and investigate restricted users Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators CMA_C1339 - Ensure authorized users protect provided authenticators Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors CMA_0127 - Define the duties of processors Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Security Center 57c2e3f0-98cf-4c3b-aa6b-e8f70726e74e [Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension Configure supported Linux virtual machines scale sets to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-27 16:35:32
Major, suffix remains equal (5.0.0-preview > 6.0.0-preview)
Regulatory Compliance e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program CMA_0259 - Establish a secure software development program Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Keep SORNs updated CMA_C1863 - Keep SORNs updated Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance a315c657-4a00-8eba-15ac-44692ad24423 Protect special information CMA_0409 - Protect special information Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities CMA_0358 - Manage compliance activities Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks CMA_0527 - Use dedicated machines for administrative tasks Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts CMA_0207 - Document the protection of cardholder data in third party contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts CMA_0197 - Document requirements for the use of shared data in contracts Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period CMA_C1314 - Prevent identifier reuse for the defined time period Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Regulatory Compliance 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms CMA_C1419 - Implement cryptographic mechanisms Default
Manual
Allowed
Manual, Disabled
change
2022-09-27 16:35:32
Minor (1.0.0 > 1.1.0)
Storage 2fb86bf3-d221-43d1-96d1-2434af34eaa0 Configure diagnostic settings for Table Services to Log Analytics workspace Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any table Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-23 16:35:49
Major (2.0.0 > 3.0.0)
Storage b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb Configure diagnostic settings for Blob Services to Log Analytics workspace Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-23 16:35:49
Major (2.0.0 > 3.0.0)
Storage 7bd000e3-37c7-4928-9f31-86c4b77c5c45 Configure diagnostic settings for Queue Services to Log Analytics workspace Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any queue Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-23 16:35:49
Major (2.0.0 > 3.0.0)
Network 711c24bb-7f18-4578-b192-81a6161e1f17 Azure Firewall Premium should configure a valid intermediate certificate to enable TLS inspection Configure a valid intermediate certificate and enable Azure Firewall Premium TLS inspection to detect, alert, and mitigate malicious activity in HTTPS. To learn more about TLS inspection with Azure Firewall, visit https://aka.ms/fw-tlsinspect Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-09-23 16:35:49
711c24bb-7f18-4578-b192-81a6161e1f17
Monitoring d2185817-5b7e-473c-aadd-9de6ac114280 The legacy Log Analytics extension should not be installed on virtual machines Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Windows virtual machines. Learn more: https://aka.ms/migratetoAMA Default
Audit
Allowed
Deny, Audit, Disabled
add
2022-09-23 16:35:49
d2185817-5b7e-473c-aadd-9de6ac114280
Security Center 10caed8a-652c-4d1d-84e4-2805b7c07278 [Preview]: Configure ChangeTracking Extension for Linux Arc machines Configure Linux Arc machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring (FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-09-23 16:35:49
Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
Monitoring df441472-4dae-4e4e-87b9-9205ba46be16 The legacy Log Analytics extension should not be installed on Azure Arc enabled Windows servers Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Azure Arc enabled Windows servers. Learn more: https://aka.ms/migratetoAMA Default
Audit
Allowed
Deny, Audit, Disabled
add
2022-09-23 16:35:49
df441472-4dae-4e4e-87b9-9205ba46be16
Network 6484db87-a62d-4327-9f07-80a2cbdf333a Firewall Policy Premium should enable the Intrusion Detection and Prevention System (IDPS) Enabling the Intrusion Detection and Prevention System (IDPS) allows you to monitor your network for malicious activity, log information about this activity, report it, and optionally attempt to block it. To learn more about the Intrusion Detection and Prevention System (IDPS) with Azure Firewall Premium, visit https://aka.ms/fw-idps Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-09-23 16:35:49
6484db87-a62d-4327-9f07-80a2cbdf333a
Network f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf Subscription should configure the Azure Firewall Premium to provide additional layer of protection Azure Firewall Premium provides advanced threat protection that meets the needs of highly sensitive and regulated environments. Deploy Azure Firewall Premium to your subscription and make sure all the service traffic is protected by Azure Firewall Premium. To learn more about Azure Firewall Premium, visit https://aka.ms/fw-premium Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-23 16:35:49
f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf
Network 632d3993-e2c0-44ea-a7db-2eca131f356d Web Application Firewall (WAF) should enable all firewall rules for Application Gateway Enabling all Web Application Firewall (WAF) rules strengthens your application security and protects your web applications against common vulnerabilities. To learn more about Web Application Firewall (WAF) with Application Gateway, visit https://aka.ms/waf-ag Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-23 16:35:49
Patch (1.0.0 > 1.0.1)
Network f516dc7a-4543-4d40-aad6-98f76a706b50 Bypass list of Intrusion Detection and Prevention System (IDPS) should be empty in Firewall Policy Premium Intrusion Detection and Prevention System (IDPS) Bypass List allows you to not filter traffic to any of the IP addresses, ranges, and subnets specified in the bypass list. However, enabling IDPS is recommended for all traffic flows to better identify known threats. To learn more about the Intrusion Detection and Prevention System (IDPS) signatures with Azure Firewall Premium, visit https://aka.ms/fw-idps-signature Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-09-23 16:35:49
f516dc7a-4543-4d40-aad6-98f76a706b50
Security Center 1288c8d7-4b05-4e3a-bc88-9053caefc021 [Preview]: Configure ChangeTracking Extension for Linux virtual machine scale sets Configure Linux virtual machine scale sets to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-23 16:35:49
Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
Security Center 4bb303db-d051-4099-95d2-e3e1428a4cd5 [Preview]: Configure ChangeTracking Extension for Windows Arc machines Configure Windows Arc machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-09-23 16:35:49
Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
Storage 25a70cc8-2bd4-47f1-90b6-1478e4662c96 Configure diagnostic settings for File Services to Log Analytics workspace Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-23 16:35:49
Major (2.0.0 > 3.0.0)
Security Center ec88097d-843f-4a92-8471-78016d337ba4 [Preview]: Configure ChangeTracking Extension for Linux virtual machines Configure Linux virtual machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-23 16:35:49
Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
Security Center f08f556c-12ff-464d-a7de-40cb5b6cccec [Preview]: Configure ChangeTracking Extension for Windows virtual machines Configure Windows virtual machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-23 16:35:49
Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
Security Center 4bb303db-d051-4099-95d2-e3e1428a4d2c [Preview]: Configure ChangeTracking Extension for Windows virtual machine scale sets Configure Windows virtual machine scale sets to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-23 16:35:49
Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
Storage 59759c62-9a22-4cdf-ae64-074495983fef Configure diagnostic settings for Storage Accounts to Log Analytics workspace Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-23 16:35:49
Major (2.0.0 > 3.0.0)
Storage 8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Audit requirement of Azure Active Directory (Azure AD) to authorize requests for your storage account. By default, requests can be authorized with either Azure Active Directory credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key, and is recommended by Microsoft. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-23 16:35:49
Major (1.0.0 > 2.0.0)
Security Center 9297c21d-2ed6-4474-b48f-163f75654ce3 MFA should be enabled for accounts with write permissions on your subscription Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-23 16:35:49
Patch (3.0.0 > 3.0.1)
Monitoring ba6881f9-ab93-498b-8bad-bb91b1d755bf The legacy Log Analytics extension should not be installed on virtual machine scale sets Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Windows virtual machine scale sets. Learn more: https://aka.ms/migratetoAMA Default
Audit
Allowed
Deny, Audit, Disabled
add
2022-09-23 16:35:49
ba6881f9-ab93-498b-8bad-bb91b1d755bf
Guest Configuration 357cbd2d-b5c0-4c73-b40c-6bd84f06ce09 [Preview]: Configure Windows Server to disable local users. Creates a Guest Configuration assignment to configure disabling local users on Windows Server. This ensures that Windows Servers can only be accessed by AAD (Azure Active Directory) account or a list of explicitly allowed users by this policy, improving overall security posture. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Guest Configuration Resource Contributor
add
2022-09-23 16:35:49
357cbd2d-b5c0-4c73-b40c-6bd84f06ce09
Network 610b6183-5f00-4d68-86d2-4ab4cb3a67a5 Firewall Policy Premium should enable all IDPS signature rules to monitor all inbound and outbound traffic flows Enabling all Intrusion Detection and Prevention System (IDPS) signature rules is recommended to better identify known threats in the traffic flows. To learn more about the Intrusion Detection and Prevention System (IDPS) signatures with Azure Firewall Premium, visit https://aka.ms/fw-idps-signature Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-09-23 16:35:49
610b6183-5f00-4d68-86d2-4ab4cb3a67a5
Regulatory Compliance 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training CMA_C1356 - Incorporate simulated events into incident response training Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7
Regulatory Compliance 6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically CMA_0035 - Bind authenticators and identities dynamically Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
6f311b49-9b0d-8c67-3d6e-db80ae528173
Regulatory Compliance be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation CMA_C1581 - Obtain user security function documentation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
be1c34ab-295a-07a6-785c-36f63c1d223e
Regulatory Compliance 5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance CMA_C1417 - Perform all non-local maintenance Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
5bac5fb7-7735-357b-767d-02264bfe5c3b
Regulatory Compliance 3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact CMA_C1597 - Require developers to document approved changes and potential impact Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3a868d0c-538f-968b-0191-bddb44da5b75
Regulatory Compliance 2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required CMA_C1735 - Employ business case to record the resources required Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
2d14ff7e-6ff9-838c-0cde-4962ccdb1689
Regulatory Compliance e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program CMA_0259 - Establish a secure software development program Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e750ca06-1824-464a-2cf3-d0fa754d1cb4
Regulatory Compliance 70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership CMA_0489 - Secure commitment from leadership Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
70057208-70cc-7b31-3c3a-121af6bc1966
Storage b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb Configure diagnostic settings for Blob Services to Log Analytics workspace Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-19 17:41:40
Major (1.0.0 > 2.0.0)
Kubernetes 1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (7.0.0 > 8.0.0)
Kubernetes c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Restrict the capabilities to reduce the attack surface of containers in a Kubernetes cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (5.0.1 > 6.0.0)
Regulatory Compliance 9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training CMA_C1260 - Incorporate simulated contingency training Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
9c954fcf-6dd8-81f1-41b5-832ae5c62caf
Regulatory Compliance bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan CMA_0146 - Develop and document a business continuity and disaster recovery plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
bd6cbcba-4a2d-507c-53e3-296b5c238a8e
App Service cae7c12e-764b-4c87-841a-fdc6675d196f App Service app slots should not have CORS configured to allow every resource to access your apps Cross-Origin Resource Sharing (CORS) should not allow all domains to access your app. Allow only required domains to interact with your app. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-19 17:41:40
cae7c12e-764b-4c87-841a-fdc6675d196f
Regulatory Compliance 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected CMA_C1715 - Employ automatic shutdown/restart when violations are detected Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4
Regulatory Compliance 06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation CMA_C1563 - Establish a discrete line item in budgeting documentation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
06af77de-02ca-0f3e-838a-a9420fe466f5
App Service c285a320-8830-4665-9cc7-bbd05fc7c5c0 App Service app slots should require FTPS only Enable FTPS enforcement for enhanced security. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-19 17:41:40
c285a320-8830-4665-9cc7-bbd05fc7c5c0
Regulatory Compliance 3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring CMA_C1168 - Employ independent assessors for continuous monitoring Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3baee3fd-30f5-882c-018c-cc78703a0106
Regulatory Compliance 874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection CMA_C1233 - Create configuration plan protection Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
874a6f2e-2098-53bc-3a16-20dcdc425a7e
Kubernetes 82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Restrict pod access to the host network and the allowable host port range in a Kubernetes cluster. This recommendation is part of CIS 5.2.4 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (5.0.0 > 6.0.0)
Regulatory Compliance a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures CMA_C1143 - Review security assessment and authorization policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
a4493012-908c-5f48-a468-1e243be884ce
Regulatory Compliance 5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups CMA_0359 - Manage contacts for authorities and special interest groups Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
5269d7e4-3768-501d-7e46-66c56c15622c
Regulatory Compliance b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts CMA_C1707 - Use automated mechanisms for security alerts Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b8689b2e-4308-a58b-a0b4-6f3343a000df
Regulatory Compliance 4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts CMA_C1009 - Notify Account Managers of customer controlled accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
4b8fd5da-609b-33bf-9724-1c946285a14c
Regulatory Compliance 0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers CMA_0274 - Establish parameters for searching secret authenticators and verifiers Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0065241c-72e9-3b2c-556f-75de66332a94
Regulatory Compliance 33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources CMA_0293 - Govern the allocation of resources Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
33d34fac-56a8-1c0f-0636-3ed94892a709
Kubernetes 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Block pod containers from sharing the host process ID namespace and host IPC namespace in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS 5.2.3 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (4.0.1 > 5.0.0)
Regulatory Compliance d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information CMA_C1554 - Take action in response to customer information Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d25cbded-121e-0ed6-1857-dc698c9095b1
Regulatory Compliance 96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures CMA_C1807 - Update privacy plan, policies, and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
96333008-988d-4add-549b-92b3a8c42063
Regulatory Compliance 60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities CMA_C1266 - Evaluate alternate processing site capabilities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
60442979-6333-85f0-84c5-b887bac67448
Regulatory Compliance 096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements CMA_C1151 - Require interconnection security agreements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
096a7055-30cb-2db4-3fda-41b20ac72667
Regulatory Compliance edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity CMA_0356 - Manage availability and capacity Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
edcc36f1-511b-81e0-7125-abee29752fe7
App Service 13bcff5d-f0eb-4ce7-913e-83ad6300376b Function app slots should use an Azure file share for its content directory The content directory of a Function app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. Default
Audit
Allowed
Audit, Disabled
add
2022-09-19 17:41:40
13bcff5d-f0eb-4ce7-913e-83ad6300376b
Regulatory Compliance b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service CMA_C1626 - Implement managed interface for each external service Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b262e1dd-08e9-41d4-963a-258909ad794b
Regulatory Compliance 16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys CMA_C1645 - Produce, control and distribute symmetric cryptographic keys Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
16c54e01-9e65-7524-7c33-beda48a75779
Regulatory Compliance 82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion CMA_0379 - Monitor security and privacy training completion Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
82bd024a-5c99-05d6-96ff-01f539676a1a
Regulatory Compliance ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems CMA_0491 - Secure the interface to external systems Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ff1efad2-6b09-54cc-01bf-d386c4d558a8
Regulatory Compliance f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures CMA_C1560 - Review and update system and services acquisition policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f49925aa-9b11-76ae-10e2-6e973cc60f37
Kubernetes d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities To reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux capabilities. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (4.0.0 > 5.0.0)
Regulatory Compliance 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials CMA_C1022 - Terminate customer controlled account credentials Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6
Regulatory Compliance b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures CMA_C1427 - Review and update media protection policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b4e19d22-8c0e-7cad-3219-c84c62dc250f
Regulatory Compliance 25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets CMA_0125 - Define requirements for managing assets Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
25a1f840-65d0-900a-43e4-bee253de04de
Regulatory Compliance aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan CMA_C1244 - Develop contingency plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
aa305b4d-8c84-1754-0c74-dec004e66be0
Regulatory Compliance de936662-13dc-204c-75ec-1af80f994088 Provide contingency training CMA_0412 - Provide contingency training Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
de936662-13dc-204c-75ec-1af80f994088
Regulatory Compliance e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements CMA_0520 - Update organizational access agreements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e21f91d1-2803-0282-5f2d-26ebc4b170ef
Regulatory Compliance 2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials CMA_C1348 - Accept only FICAM-approved third-party credentials Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
2d2ca910-7957-23ee-2945-33f401606efc
Network 5e1cd26a-5090-4fdb-9d6a-84a90335e22d Configure network security groups to use specific workspace, storage account and flowlog retention policy for traffic analytics If it already has traffic analytics enabled, then policy will overwrite its existing settings with the ones provided during policy creation. Traffic analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
change
2022-09-19 17:41:40
Minor (1.0.1 > 1.1.0)
Regulatory Compliance 464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources CMA_C1734 - Ensure capital planning and investment requests include necessary resources Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
464a7d7a-2358-4869-0b49-6d582ca21292
Kubernetes a2abc456-f0ae-464b-bd3a-07a3cdbd7fb1 Kubernetes cluster Windows containers should not overcommit cpu and memory Windows container resource requests should be less or equal to the resource limit or unspecified to avoid overcommit. If Windows memory is over-provisioned it will process pages in disk - which can slow down performance - instead of terminating the container with out-of-memory Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (1.0.2 > 2.0.0)
Regulatory Compliance 08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software CMA_C1237 - Restrict use of open source software Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
08c11b48-8745-034d-1c1b-a144feec73b9
Regulatory Compliance e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely CMA_C1528 - Ensure access agreements are signed or resigned timely Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e7589f4e-1e8b-72c2-3692-1e14d7f3699f
Kubernetes 098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Limit pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (5.0.1 > 6.0.0)
Regulatory Compliance 22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls CMA_C1576 - Obtain design and implementation information for the security controls Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
22a02c9a-49e4-5dc9-0d14-eb35ad717154
Regulatory Compliance 1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return CMA_C1183 - Ensure security safeguards not needed when the individuals return Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
1fdf0b24-4043-3c55-357e-036985d50b52
Regulatory Compliance 318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities CMA_0003 - Address coding vulnerabilities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
318b2bd9-9c39-9f8b-46a7-048401f33476
Regulatory Compliance 09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation CMA_C1583 - Protect administrator and user documentation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
09960521-759e-5d12-086f-4192a72a5e92
Regulatory Compliance 94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII CMA_C1833 - Remove or redact any PII Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
94c842e3-8098-38f9-6d3f-8872b790527d
App Service dcbc65aa-59f3-4239-8978-3bb869d82604 App Service apps should use an Azure file share for its content directory The content directory of an app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. Default
Audit
Allowed
Audit, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
Regulatory Compliance e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions CMA_0028 - Automate information sharing decisions Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e54901fe-42c2-7f3b-3c5f-327aa5320a69
Regulatory Compliance 6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures CMA_C1667 - Review and update information integrity policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
6bededc0-2985-54d5-4158-eb8bad8070a0
Regulatory Compliance 8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code CMA_C1717 - Prohibit binary/machine-executable code Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
8e920169-739d-40b5-3f99-c4d855327bb2
Regulatory Compliance 20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures CMA_C1537 - Review and update risk assessment policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
20012034-96f0-85c2-4a86-1ae1eb457802
Regulatory Compliance f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state CMA_C1297 - Restore resources to operational state Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f801d58e-5659-9a4a-6e8d-02c9334732e5
Regulatory Compliance ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls CMA_C1577 - Obtain continuous monitoring plan for security controls Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ca6d7878-3189-1833-4620-6c7254ed1607
Regulatory Compliance 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities CMA_C1566 - Identify individuals with security roles and responsibilities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c
Kubernetes 975ce327-682c-4f2e-aa46-b9598289b86c Kubernetes cluster containers should only use allowed seccomp profiles Pod containers can only use allowed seccomp profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (5.0.1 > 7.0.0)
Regulatory Compliance 12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state CMA_C1662 - Ensure information system fails in known state Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
12af7c7a-92af-9e96-0d0c-5e732d1a3751
Regulatory Compliance 3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information CMA_C1122 - Specify permitted actions associated with customer audit information Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3eecf628-a1c8-1b48-1b5c-7ca781e97970
App Service 72d04c29-f87d-4575-9731-419ff16a2757 App Service apps should be injected into a virtual network Injecting App Service Apps in a virtual network unlocks advanced App Service networking and security features and provides you with greater control over your network security configuration. Learn more at: https://docs.microsoft.com/azure/app-service/web-sites-integrate-with-vnet. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
Regulatory Compliance 84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation CMA_C1584 - Distribute information system documentation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
84a01872-5318-049e-061e-d56734183e84
Regulatory Compliance c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy CMA_C1744 - Implement the risk management strategy Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
c6fe3856-4635-36b6-983c-070da12a953b
Regulatory Compliance 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved CMA_C1540 - Ensure security categorization is approved Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115
Regulatory Compliance d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements CMA_0519 - Update interconnection security agreements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d48a6f19-a284-6fc6-0623-3367a74d3f50
Regulatory Compliance b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 Publish access procedures in SORNs CMA_C1848 - Publish access procedures in SORNs Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51
Regulatory Compliance 676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training CMA_C1611 - Require developers to provide training Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
676c3c35-3c36-612c-9523-36d266a65000
Regulatory Compliance 524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities CMA_0198 - Document security and privacy training activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
524e7136-9f6a-75ba-9089-501018151346
Regulatory Compliance 4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements CMA_C1586 - Require external service providers to comply with security requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
4e45863d-9ea9-32b4-a204-2680bc6007a6
Storage 7bd000e3-37c7-4928-9f31-86c4b77c5c45 Configure diagnostic settings for Queue Services to Log Analytics workspace Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any Queue Service that is missing these diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-19 17:41:40
Major (1.0.0 > 2.0.0)
Regulatory Compliance 2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts CMA_0426 - Reissue authenticators for changed groups and accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
2f204e72-1896-3bf8-75c9-9128b8683a36
Regulatory Compliance bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services CMA_0416 - Provide secure name and address resolution services Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
bbb2e6d6-085f-5a35-a55d-e45daad38933
Regulatory Compliance bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures CMA_0162 - Develop spillage response procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
bb048641-6017-7272-7772-a008f285a520
Regulatory Compliance 20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages CMA_C1725 - Reveal error messages Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
20762f1e-85fb-31b0-a600-e833633f10fe
App Service 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
change
2022-09-19 17:41:40
Major (3.0.0 > 4.0.0)
Regulatory Compliance 2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan CMA_C1732 - Protect the information security program plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
2e7a98c9-219f-0d58-38dc-d69038224442
Regulatory Compliance 74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities CMA_C1403 - Produce complete records of remote maintenance activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
74041cfe-3f87-1d17-79ec-34ca5f895542
Regulatory Compliance 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results CMA_C1542 - Conduct risk assessment and document its results Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68
Regulatory Compliance d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions CMA_C1255 - Plan for continuance of essential business functions Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d9edcea6-6cb8-0266-a48c-2061fbac4310
Regulatory Compliance 4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals CMA_0372 - Map authenticated identities to individuals Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
4012c2b7-4e0e-a7ab-1688-4aab43f14420
Regulatory Compliance a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation CMA_0027 - Automate flaw remediation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
a90c4d44-7fac-8e02-6d5b-0d92046b20e6
Regulatory Compliance 171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts CMA_C1704 - Generate internal security alerts Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
171e377b-5224-4a97-1eaa-62a3b5231dac
Network e920df7f-9a64-4066-9b58-52684c02a091 Configure network security groups to enable traffic analytics Traffic analytics can be enabled for all network security groups hosted in a particular region with the settings provided during policy creation. If it already has Traffic analytics enabled, then policy does not overwrite its settings. Flow Logs are also enabled for the Network security groups that do not have it. Traffic analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
change
2022-09-19 17:41:40
Minor (1.0.1 > 1.1.0)
Regulatory Compliance 3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement CMA_0440 - Require users to sign access agreement Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3af53f59-979f-24a8-540f-d7cdbc366607
Regulatory Compliance eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures CMA_0185 - Distribute policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
eff6e4a5-3efe-94dd-2ed1-25d56a019a82
Regulatory Compliance 729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination CMA_C1521 - Automate notification of employee termination Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
729c8708-2bec-093c-8427-2e87d2cd426d
Regulatory Compliance d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities CMA_C1688 - Obtain legal opinion for monitoring system activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d9af7f88-686a-5a8b-704b-eafdab278977
Regulatory Compliance b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program CMA_C1752 - Establish information security workforce development and improvement program Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b544f797-a73b-1be3-6d01-6b1a085376bc
App Service 1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0 Configure Function apps to use the latest TLS version Periodically, newer versions of TLS are released to fix security flaws, add functionality, or improve speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-09-19 17:41:40
1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0
Kubernetes 50c83470-d2f0-4dda-a716-1938a4825f62 Kubernetes cluster containers should only use allowed pull policy Restrict containers' pull policy so that containers use only allowed images on deployments. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
Regulatory Compliance c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency CMA_C1512 - Rescreen individuals at a defined frequency Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
c6aeb800-0b19-944d-92dc-59b893722329
Regulatory Compliance 0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message CMA_C1056 - Display an explicit logout message Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0471c6b7-1588-701c-2713-1fade73b75f6
Regulatory Compliance ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements CMA_0469 - Review cloud service provider's compliance with policies and agreements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ffea18d9-13de-6505-37f3-4c1f88070ad7
Regulatory Compliance ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location CMA_C1265 - Test contingency plan at an alternate processing location Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ba99d512-3baa-1c38-8b0b-ae16bbd34274
Regulatory Compliance 55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials CMA_C1347 - Accept PIV credentials Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
55be3260-a7a2-3c06-7fe6-072d07525ab7
Kubernetes f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Control the user, primary group, supplemental group and file system group IDs that pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (5.0.2 > 6.0.0)
App Service 4d0bc837-6eff-477e-9ecd-33bf8d4212a5 Function apps should use an Azure file share for its content directory The content directory of a Function app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. Default
Audit
Allowed
Audit, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
App Service cf9ca02d-383e-4506-a421-258cc1a5300d Function app slots should have 'Client Certificates (Incoming client certificates)' enabled Client certificates allow for the app to request a certificate for incoming requests. Only clients with valid certificates will be able to reach the app. Default
Audit
Allowed
Audit, Disabled
add
2022-09-19 17:41:40
cf9ca02d-383e-4506-a421-258cc1a5300d
Regulatory Compliance d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results CMA_C1544 - Conduct risk assessment and distribute its results Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d7c1ecc3-2980-a079-1569-91aec8ac4a77
Regulatory Compliance 8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV CMA_C1579 - Employ FIPS 201-approved technology for PIV Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
8b333332-6efd-7c0d-5a9f-d1eb95105214
Regulatory Compliance afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination CMA_C1532 - Require notification of third-party personnel transfer or termination Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
afd5d60a-48d2-8073-1ec2-6687e22f2ddd
Storage 2fb86bf3-d221-43d1-96d1-2434af34eaa0 Configure diagnostic settings for Table Services to Log Analytics workspace Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any Table Service that is missing these diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-19 17:41:40
Major (1.0.0 > 2.0.0)
Regulatory Compliance c3b3cc61-9c70-5d78-7f12-1aefcc477db7 Review security testing, training, and monitoring plans CMA_C1754 - Review security testing, training, and monitoring plans Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
c3b3cc61-9c70-5d78-7f12-1aefcc477db7
Kubernetes 95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (8.0.0 > 9.0.0)
Regulatory Compliance 5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers CMA_0278 - Establish requirements for internet service providers Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
5f2e834d-7e40-a4d5-a216-e49b16955ccf
Regulatory Compliance a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles CMA_C1350 - Conform to FICAM-issued profiles Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
a8df9c78-4044-98be-2c05-31a315ac8957
Regulatory Compliance 1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures CMA_0292 - Govern policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
1a2a03a4-9992-5788-5953-d8f6615306de
Regulatory Compliance 27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered CMA_C1125 - Ensure audit records are not altered Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
27ce30dd-3d56-8b54-6144-e26d9a37a541
Regulatory Compliance 75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures CMA_0156 - Develop contingency planning policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
75b42dcf-7840-1271-260b-852273d7906e
Regulatory Compliance dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation CMA_C1674 - Measure the time between flaw identification and flaw remediation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
dad1887d-161b-7b61-2e4d-5124a7b5724e
Regulatory Compliance 04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan CMA_C1232 - Develop configuration management plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
04837a26-2601-1982-3da7-bf463e6408f4
Regulatory Compliance c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators CMA_C1343 - Enforce expiration of cached authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
c7e8ddc1-14aa-1814-7fe1-aad1742b27da
Regulatory Compliance 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms CMA_C1419 - Implement cryptographic mechanisms Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830
Regulatory Compliance 611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing CMA_C1171 - Employ independent team for penetration testing Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
611ebc63-8600-50b6-a0e3-fef272457132
Regulatory Compliance ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals CMA_0008 - Align business objectives and IT goals Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ab02bb73-4ce1-89dd-3905-d93042809ba0
Regulatory Compliance d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training CMA_C1090 - Provide updated security awareness training Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d136ae80-54dd-321c-98b4-17acf4af2169
Regulatory Compliance 2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy CMA_C1017 - Define and enforce inactivity log policy Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
2af4640d-11a6-a64b-5ceb-a468f4341c0c
Regulatory Compliance 98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability CMA_C1367 - Implement Incident handling capability Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
98e33927-8d7f-6d5f-44f5-2469b40b7215
Regulatory Compliance b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers CMA_C1376 - Establish relationship between incident response capability and external providers Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b470a37a-7a47-3792-34dd-7a793140702e
Regulatory Compliance a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing CMA_0284 - Facilitate information sharing Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
a44c9fba-43f8-4b7b-7ee6-db52c96b4366
App Service a1a22235-dd10-4062-bd55-7d62778f41b0 Function app slots should not have CORS configured to allow every resource to access your apps Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-19 17:41:40
a1a22235-dd10-4062-bd55-7d62778f41b0
Regulatory Compliance ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities CMA_C1565 - Define information security roles and responsibilities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ef5a7059-6651-73b1-18b3-75b1b79c1565
Kubernetes 57dde185-5c62-4063-b965-afbb201e9c1c Kubernetes cluster Windows containers should only run with approved user and domain user group Control the user that Windows pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies on Windows nodes which are intended to improve the security of your Kubernetes environments. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (1.0.0 > 2.0.0)
Kubernetes 46592696-4c7b-4bf3-9e45-6c2763bdc0a6 Kubernetes cluster pods should use specified labels Use specified labels to identify the pods in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (6.2.1 > 7.0.0)
Kubernetes 65280eef-c8b4-425e-9aec-af55e55bf581 Kubernetes cluster should not use naked pods Block usage of naked Pods. Naked Pods will not be rescheduled in the event of a node failure. Pods should be managed by Deployment, ReplicaSet, DaemonSet or Jobs. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (1.0.0 > 2.0.0)
Regulatory Compliance 7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach CMA_C1614 - Require developers to provide unified security protection approach Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
7a114735-a420-057d-a651-9a73cd0416ef
Regulatory Compliance 0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records CMA_0351 - Maintain data breach records Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0fd1ca29-677b-2f12-1879-639716459160
Kubernetes 16697877-1118-4fb1-9b65-9898ec2509ec Kubernetes cluster pods should only use allowed volume types Pods can only use allowed volume types in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (4.0.1 > 5.0.0)
Regulatory Compliance 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity CMA_0377 - Monitor account activity Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
7b28ba4f-0a87-46ac-62e1-46b7c09202a8
Regulatory Compliance b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan CMA_0147 - Develop and document a DDoS response plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b7306e73-0494-83a2-31f5-280e934a8f70
Regulatory Compliance ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery CMA_C1296 - Implement transaction based recovery Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ba02d0a0-566a-25dc-73f1-101c726a19c5
Regulatory Compliance 7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed CMA_C1689 - Provide monitoring information as needed Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
7fc1f0da-0050-19bb-3d75-81ae15940df6
Kubernetes 4f3823b6-6dac-4b5a-9c61-ce1afb829f17 Kubernetes clusters should use Container Storage Interface(CSI) driver StorageClass The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. In-tree provisioner StorageClass should be deprecated since AKS version 1.21. To learn more, see https://aka.ms/aks-csi-driver. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (1.1.0 > 2.0.0)
Kubernetes 9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (3.0.1 > 4.0.0)
Regulatory Compliance 46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers CMA_C1591 - Identify external service providers Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
46ab2c5e-6654-1f58-8c83-e97a44f39308
Regulatory Compliance 69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information CMA_0303 - Identify spilled information Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
69d90ee6-9f9f-262a-2038-d909fb4e5723
Regulatory Compliance 449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization CMA_C1160 - Update the security authorization Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
449ebb52-945b-36e5-3446-af6f33770f8f
Regulatory Compliance 037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel CMA_0301 - Identify incident response personnel Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
037c0089-6606-2dab-49ad-437005b5035f
Regulatory Compliance 41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals CMA_C1182 - Not allow for information systems to accompany with individuals Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
41172402-8d73-64c7-0921-909083c086b0
Regulatory Compliance 6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems CMA_C1746 - Manage security state of information systems Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
6baae474-434f-2e91-7163-a72df30c4847
Regulatory Compliance 22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk CMA_C1026 - Disable user accounts posing a significant risk Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
22c16ae4-19d0-29cb-422f-cb44061180ee
Regulatory Compliance 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures CMA_C1446 - Review and update physical and environmental policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2
Kubernetes 9a5f4e39-e427-4d5d-ae73-93db00328bec Kubernetes resources should have required annotations Ensure that required annotations are attached on a given Kubernetes resource kind for improved resource management of your Kubernetes resources. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
Regulatory Compliance 3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers CMA_C1592 - Ensure external providers consistently meet interests of the customers Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3eabed6d-1912-2d3c-858b-f438d08d0412
Regulatory Compliance 03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures CMA_0457 - Review access control policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
03d550b4-34ee-03f4-515f-f2e2faf7a413
Regulatory Compliance 14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan CMA_C1248 - Update contingency plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
14a4fd0a-9100-1e12-1362-792014a28155
Regulatory Compliance e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures CMA_C1243 - Review and update contingency planning policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e9c60c37-65b0-2d72-6c3c-af66036203ae
Kubernetes df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Run containers with a read only root file system to protect from changes at run-time with malicious binaries being added to PATH in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (5.0.0 > 6.0.0)
Regulatory Compliance 6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring CMA_C1169 - Analyse data obtained from continuous monitoring Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
6a379d74-903b-244a-4c44-838728bea6b0
Kubernetes 56d0a13f-712f-466b-8416-56fb354fb823 Kubernetes cluster containers should not use forbidden sysctl interfaces Containers should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (6.0.2 > 7.0.0)
Regulatory Compliance 898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII CMA_C1862 - Publish SORNs for systems containing PII Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
898a5781-2254-5a37-34c7-d78ea7c20d55
Regulatory Compliance b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments CMA_C1148 - Employ independent assessors to conduct security control assessments Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b65c5d8e-9043-9612-2c17-65f231d763bb
Regulatory Compliance b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation CMA_C1289 - Conduct backup of information system documentation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b269a749-705e-8bff-055a-147744675cdf
Regulatory Compliance b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements CMA_C1531 - Document third-party personnel security requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b320aa42-33b4-53af-87ce-100091d48918
Regulatory Compliance 677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment CMA_C1543 - Conduct Risk Assessment Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
677e1da4-00c3-287a-563d-f4a1cf9b99a0
Regulatory Compliance 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools CMA_C1610 - Review development process, standards and tools Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6
Regulatory Compliance e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) CMA_0141 - Develop a concept of operations (CONOPS) Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e7422f08-65b4-50e4-3779-d793156e0079
Regulatory Compliance 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections CMA_C1155 - Employ restrictions on external system interconnections Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f
Regulatory Compliance 22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills CMA_0346 - Isolate information spills Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
22457e81-3ec6-5271-a786-c3ca284601dd
Regulatory Compliance 53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan CMA_C1247 - Review contingency plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
53fc1282-0ee3-2764-1319-e20143bb0ea5
Regulatory Compliance 245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations CMA_C1270 - Establish alternate storage site that facilitates recovery operations Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
245fe58b-96f8-9f1e-48c5-7f49903f66fd
Regulatory Compliance 44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls CMA_C1575 - Obtain functional properties of security controls Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
44b71aa8-099d-8b97-1557-0e853ec38e0d
Regulatory Compliance 21832235-7a07-61f4-530d-d596f76e5b95 Implement security testing, training, and monitoring plans CMA_C1753 - Implement security testing, training, and monitoring plans Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
21832235-7a07-61f4-530d-d596f76e5b95
Regulatory Compliance e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts CMA_C1025 - Report atypical behavior of user accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e4054c0e-1184-09e6-4c5e-701e0bc90f81
Regulatory Compliance eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators CMA_C1340 - Ensure there are no unencrypted static authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
eda0cbb7-6043-05bf-645b-67411f1a59b3
Regulatory Compliance 6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements CMA_0148 - Develop and document application security requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
6de65dc4-8b4f-34b7-9290-eb137a2e2929
Kubernetes 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (6.0.1 > 7.0.0)
Regulatory Compliance f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts CMA_0117 - Define and enforce conditions for shared and group accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f7eb1d0b-6d4f-2d59-1591-7563e11a9313
Regulatory Compliance dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems CMA_0541 - Verify security controls for external information systems Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
dc7ec756-221c-33c8-0afe-c48e10e42321
Regulatory Compliance f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution CMA_C1602 - Require developers to produce evidence of security assessment plan execution Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f8a63511-66f1-503f-196d-d6217ee0823a
App Service 5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71 Function app slots should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
add
2022-09-19 17:41:40
5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71
Regulatory Compliance df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components CMA_0371 - Manage transfers between standby and active system components Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
df54d34f-65f3-39f1-103c-a0464b8615df
Kubernetes 3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e Kubernetes clusters should use internal load balancers Use internal load balancers to make a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (7.0.0 > 8.0.0)
Regulatory Compliance f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities CMA_C1097 - Provide role-based training on suspicious activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f6794ab8-9a7d-3b24-76ab-265d3646232b
Regulatory Compliance 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized CMA_C1159 - Ensure resources are authorized Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f
Regulatory Compliance 59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures CMA_0144 - Develop access control policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
59f7feff-02aa-6539-2cf7-bea75b762140
Regulatory Compliance b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity CMA_C1595 - Require developers to manage change integrity Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b33d61c1-7463-7025-0ec0-a47585b59147
Regulatory Compliance de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys CMA_C1646 - Produce, control and distribute asymmetric cryptographic keys Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
de077e7e-0cc8-65a6-6e08-9ab46c827b05
Regulatory Compliance cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies CMA_C1711 - Create alternative actions for identified anomalies Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2
Regulatory Compliance 77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage CMA_C1235 - Track software license usage Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
77cc89bb-774f-48d7-8a84-fb8c322c3000
Regulatory Compliance db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability CMA_C1055 - Provide the logout capability Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
db580551-0b3c-4ea1-8a4c-4cdb5feb340f
Regulatory Compliance a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events CMA_0472 - Review exploit protection events Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
a30bd8e9-7064-312a-0e1f-e1b485d59f6e
Regulatory Compliance cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website CMA_C1829 - Publish Computer Matching Agreements on public website Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
cdcb825f-a0fb-31f9-29c1-ab566718499a
Storage 59759c62-9a22-4cdf-ae64-074495983fef Configure diagnostic settings for Storage Accounts to Log Analytics workspace Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-19 17:41:40
Major (1.0.0 > 2.0.0)
App Service 24b7a1c6-44fe-40cc-a2e6-242d2ef70e98 App Service app slots should be injected into a virtual network Injecting App Service Apps in a virtual network unlocks advanced App Service networking and security features and provides you with greater control over your network security configuration. Learn more at: https://docs.microsoft.com/azure/app-service/web-sites-integrate-with-vnet. Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-09-19 17:41:40
24b7a1c6-44fe-40cc-a2e6-242d2ef70e98
Regulatory Compliance ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users CMA_C1316 - Identify status of individual users Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ca748dfe-3e28-1d18-4221-89aea30aa0a5
Regulatory Compliance 39999038-9ef1-602a-158c-ce2367185230 Define performance metrics CMA_0124 - Define performance metrics Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
39999038-9ef1-602a-158c-ce2367185230
Regulatory Compliance ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service CMA_0305 - Implement a fault tolerant name/address service Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ced727b3-005e-3c5b-5cd5-230b79d56ee8
App Service ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d Configure App Service apps to use the latest TLS version Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-09-19 17:41:40
ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d
App Service a096cbd0-4693-432f-9374-682f485f23f3 Configure Function apps to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-09-19 17:41:40
a096cbd0-4693-432f-9374-682f485f23f3
Storage 25a70cc8-2bd4-47f1-90b6-1478e4662c96 Configure diagnostic settings for File Services to Log Analytics workspace Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-19 17:41:40
Major (1.0.0 > 2.0.0)
Regulatory Compliance cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment CMA_0386 - Perform a business impact assessment and application criticality assessment Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
cb8841d4-9d13-7292-1d06-ba4d68384681
Regulatory Compliance e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures CMA_C1507 - Review and update personnel security policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9
Regulatory Compliance 81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites CMA_C1269 - Create separate alternate and primary storage sites Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
81b6267b-97a7-9aa5-51ee-d2584a160424
Regulatory Compliance a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures CMA_0154 - Develop audit and accountability policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
a28323fe-276d-3787-32d2-cef6395764c4
Regulatory Compliance 4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training CMA_C1094 - Provide role-based security training Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
4c385143-09fd-3a34-790c-a5fd9ec77ddc
Regulatory Compliance 2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan CMA_0405 - Protect incident response plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
2401b496-7f23-79b2-9f80-89bb5abf3d4a
Regulatory Compliance a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes CMA_C1249 - Communicate contingency plan changes Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
a1334a65-2622-28ee-5067-9d7f5b915cc5
App Service eaebaea7-8013-4ceb-9d14-7eb32271373c Function apps should have 'Client Certificates (Incoming client certificates)' enabled Client certificates allow for the app to request a certificate for incoming requests. Only clients with valid certificates will be able to reach the app. Default
Audit
Allowed
Audit, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
Regulatory Compliance 7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions CMA_C1253 - Plan for resumption of essential business functions Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
7ded6497-815d-6506-242b-e043e0273928
Regulatory Compliance d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources CMA_C1141 - Provide the capability to extend or limit auditing on customer-deployed resources Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d200f199-69f4-95a6-90b0-37ff0cf1040c
Regulatory Compliance 0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services CMA_C1593 - Restrict location of information processing, storage and services Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0040d2e5-2779-170d-6a2c-1f5fca353335
Regulatory Compliance 90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements CMA_C1561 - Allocate resources in determining information system requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
90a156a6-49ed-18d1-1052-69aac27c05cd
Regulatory Compliance 57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture CMA_C1741 - Develop an enterprise architecture Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
57adc919-9dca-817c-8197-64d812070316
Kubernetes b1a9997f-2883-4f12-bdff-2280f99b5915 Ensure cluster containers have readiness or liveness probes configured This policy enforces that all pods have a readiness and/or liveness probes configured. Probe Types can be any of tcpSocket, httpGet and exec. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
Regulatory Compliance 95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals CMA_C1864 - Provide formal notice to individuals Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
95eb7d09-9937-5df9-11d9-20317e3f60df
Regulatory Compliance f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency CMA_C1709 - Perform security function verification at a defined frequency Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f30edfad-4e1d-1eef-27ee-9292d6d89842
Regulatory Compliance 3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Keep SORNs updated CMA_C1863 - Keep SORNs updated Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3bd4e0af-7cbb-a3ec-4918-056a3c017ae2
Kubernetes d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Use allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (4.0.1 > 5.0.0)
Regulatory Compliance c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment CMA_C1357 - Employ automated training environment Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
c8aa992d-76b7-7ca0-07b3-31a58d773fa9
Regulatory Compliance 2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures CMA_C1395 - Review and update system maintenance policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
2067b904-9552-3259-0cdd-84468e284b7c
Regulatory Compliance f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services CMA_C1578 - Require developer to identify SDLC ports, protocols, and services Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f6da5cca-5795-60ff-49e1-4972567815fe
Regulatory Compliance 834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing CMA_0331 - Incorporate security and data privacy practices in research processing Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
834b7a4a-83ab-2188-1a26-9c5033d8173b
Regulatory Compliance 3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results CMA_C1150 - Accept assessment results Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3054c74b-9b45-2581-56cf-053a1a716c39
Regulatory Compliance 396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout CMA_C1661 - Invalidate session identifiers at logout Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
396f465d-375e-57de-58ba-021adb008191
Kubernetes 511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Containers should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (5.0.0 > 6.0.0)
Regulatory Compliance 0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information CMA_C1267 - Establish alternate storage site to store and retrieve backup information Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0a412110-3874-9f22-187a-c7a81c8a6704
App Service 546fe8d2-368d-4029-a418-6af48a7f61e5 App Service apps should use a SKU that supports private link With supported SKUs, Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to apps, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/private-link. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major (3.0.0 > 4.0.0)
Kubernetes febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Use images from trusted registries to reduce the Kubernetes cluster's exposure risk to unknown vulnerabilities, security issues and malicious images. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (8.0.0 > 9.0.0)
Regulatory Compliance 29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures CMA_C1299 - Review and update identification and authentication policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
29acfac0-4bb4-121b-8283-8943198b1549
Regulatory Compliance d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions CMA_C1050 - Define and enforce the limit of concurrent sessions Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d8350d4c-9314-400b-288f-20ddfce04fbd
Regulatory Compliance bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes CMA_C1665 - Maintain separate execution domains for running processes Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
bfc540fe-376c-2eef-4355-121312fa4437
App Service 2f7c08c2-f671-4282-9fdb-597b6ef2c10d App Service app slots should have 'Client Certificates (Incoming client certificates)' enabled Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. Default
Audit
Allowed
Audit, Disabled
add
2022-09-19 17:41:40
2f7c08c2-f671-4282-9fdb-597b6ef2c10d
Regulatory Compliance 8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities CMA_C1747 - Designate individuals to fulfill specific roles and responsibilities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
8b077bff-516f-3983-6c42-c86e9a11868b
Regulatory Compliance bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling CMA_0392 - Perform threat modeling Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
bf883b14-9c19-0f37-8825-5e39a8b66d5b
Regulatory Compliance ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections CMA_0053 - Check for privacy and security compliance before establishing internal connections Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab
Kubernetes 423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Disable automounting API credentials to prevent a potentially compromised Pod resource to run API commands against Kubernetes clusters. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (3.0.1 > 4.0.0)
Regulatory Compliance 279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components CMA_0300 - Identify contaminated systems and components Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
279052a0-8238-694d-9661-bf649f951747
Regulatory Compliance de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting CMA_C1123 - Adjust level of audit review, analysis, and reporting Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
de251b09-4a5e-1204-4bef-62ac58d47999
Regulatory Compliance 3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation CMA_C1580 - Obtain Admin documentation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3f1216b0-30ee-1ac9-3899-63eb744e85f5
Regulatory Compliance 92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing CMA_C1590 - Obtain approvals for acquisitions and outsourcing Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
92b94485-1c49-3350-9ada-dffe94f08e87
Regulatory Compliance 56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues CMA_C1742 - Address information security issues Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
56fb5173-3865-5a5d-5fad-ae33e53e1577
Regulatory Compliance 13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site CMA_C1271 - Identify and mitigate potential issues at alternate storage site Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
13939f8c-4cd5-a6db-9af4-9dfec35e3722
Regulatory Compliance 75b9db50-7906-2351-98ae-0458218609e5 Retain accounting of disclosures of information CMA_C1819 - Retain accounting of disclosures of information Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
75b9db50-7906-2351-98ae-0458218609e5
Kubernetes a27c700f-8a22-44ec-961c-41625264370b Kubernetes clusters should not use specific security capabilities Prevent specific security capabilities in Kubernetes clusters to prevent ungranted privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (4.0.1 > 5.0.0)
Kubernetes e1e6c427-07d9-46ab-9689-bfa85431e636 Kubernetes cluster pods and containers should only use allowed SELinux options Pods and containers should only use allowed SELinux options in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (6.0.2 > 7.0.0)
Regulatory Compliance ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses CMA_0384 - Observe and report security weaknesses Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ff136354-1c92-76dc-2dab-80fb7c6a9f1a
Regulatory Compliance db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials CMA_C1349 - Employ FICAM-approved resources to accept third-party credentials Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
db8b35d6-8adb-3f51-44ff-c648ab5b1530
Kubernetes f85eb0dd-92ee-40e9-8a76-db25a507d6d3 Kubernetes cluster containers should only use allowed ProcMountType Pod containers can only use allowed ProcMountTypes in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (7.0.1 > 8.0.0)
Kubernetes 1ddac26b-ed48-4c30-8cc5-3a68c79b8001 Kubernetes clusters should not allow endpoint edit permissions of ClusterRole/system:aggregate-to-edit ClusterRole/system:aggregate-to-edit should not allow endpoint edit permissions due to CVE-2021-25740, Endpoint & EndpointSlice permissions allow cross-Namespace forwarding, https://github.com/kubernetes/kubernetes/issues/103675. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
Audit, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
Regulatory Compliance 0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site CMA_C1278 - Prepare alternate processing site for use as operational site Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
0f31d98d-5ce2-705b-4aa5-b4f6705110dd
Regulatory Compliance b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities CMA_C1402 - Automate remote maintenance activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b8587fce-138f-86e8-33a3-c60768bf1da6
Regulatory Compliance b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations CMA_0016 - Assign risk designations Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b7897ddc-9716-2460-96f7-7757ad038cc4
Regulatory Compliance adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures CMA_C1616 - Review and update system and communications protection policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
adf517f3-6dcd-3546-9928-34777d0c277e
Regulatory Compliance 8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls CMA_C1695 - Document wireless access security controls Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
8f835d6a-4d13-9a9c-37dc-176cebd37fda
Regulatory Compliance 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions CMA_C1582 - Document customer-defined actions Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb
Kubernetes 233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Restrict services to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (7.0.0 > 8.0.0)
Regulatory Compliance 836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan CMA_C1231 - Develop configuration item identification plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
836f8406-3b8a-11bb-12cb-6c7fa0765668
Regulatory Compliance cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII CMA_C1839 - Implement controls to protect PII Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
cf79f602-1e60-5423-6c0c-e632c2ea1fc0
Regulatory Compliance 098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators CMA_0184 - Distribute authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
098dcde7-016a-06c3-0985-0daaf3301d3a
App Service 25a5046c-c423-4805-9235-e844ae9ef49b Configure Function apps to turn off remote debugging Remote debugging requires inbound ports to be opened on Function apps. Remote debugging should be turned off. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-09-19 17:41:40
25a5046c-c423-4805-9235-e844ae9ef49b
Regulatory Compliance 015b4935-448a-8684-27c0-d13086356c33 Implement a threat awareness program CMA_C1758 - Implement a threat awareness program Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
015b4935-448a-8684-27c0-d13086356c33
Regulatory Compliance 83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources CMA_C1638 - Ensure system capable of dynamic isolation of resources Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
83eea3d3-0d2c-9ccd-1021-2111b29b2a62
Regulatory Compliance ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture CMA_C1504 - Review and update the information security architecture Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
ced291b8-1d3d-7e27-40cf-829e9dd523c8
Regulatory Compliance dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation CMA_C1675 - Establish benchmarks for flaw remediation Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
dd2523d5-2db3-642b-a1cf-83ac973b32c2
Kubernetes b81f454c-eebb-4e4f-9dfe-dca060e8a8fd [Preview]: Kubernetes clusters should restrict creation of given resource type Given Kubernetes resource type should not be deployed in certain namespace. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-09-19 17:41:40
Major, suffix remains equal (1.1.0-preview > 2.1.0-preview)
Regulatory Compliance 4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access CMA_C1066 - Provide capability to disconnect or disable remote access Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
4edaca8c-0912-1ac5-9eaa-6a1057740fae
Regulatory Compliance e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users CMA_C1346 - Identify and authenticate non-organizational users Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e1379836-3492-6395-451d-2f5062e14136
Regulatory Compliance eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures CMA_C1175 - Review and update configuration management policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340
Regulatory Compliance dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems CMA_C1636 - Isolate SecurID systems, Security Incident Management systems Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
dd6d00a8-701a-5935-a22b-c7b9c0c698b2
Regulatory Compliance cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight CMA_C1587 - Define and document government oversight Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
cbfa1bd0-714d-8d6f-0480-2ad6a53972df
Regulatory Compliance 725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights CMA_0432 - Require compliance with intellectual property rights Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
725164e5-3b21-1ec2-7e42-14f077862841
Regulatory Compliance 28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures CMA_C1491 - Review and update planning policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
28aa060e-25c7-6121-05d8-a846f11433df
Regulatory Compliance 311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems CMA_C1639 - Employ boundary protection to isolate information systems Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
311802f9-098d-0659-245a-94c5d47c0182
Regulatory Compliance eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support CMA_C1425 - Provide timely maintenance support Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
eb598832-4bcc-658d-4381-3ecbe17b9866
Regulatory Compliance f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly CMA_C1865 - Make SORNs available publicly Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f3c17714-8ce7-357f-4af2-a0baa63a063f
Regulatory Compliance b9d45adb-471b-56a5-64d2-5b241f126174 Automate privacy controls CMA_C1817 - Automate privacy controls Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
b9d45adb-471b-56a5-64d2-5b241f126174
Regulatory Compliance 4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities CMA_0358 - Manage compliance activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
4e400494-53a5-5147-6f4d-718b539c7394
Regulatory Compliance 91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions CMA_C1254 - Resume all mission and business functions Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
91a54089-2d69-0f56-62dc-b6371a1671c0
App Service 5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service apps should have 'Client Certificates (Incoming client certificates)' enabled Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. Default
Audit
Allowed
Audit, Disabled
change
2022-09-19 17:41:40
Major (2.0.0 > 3.0.0)
App Service 08cf2974-d178-48a0-b26d-f6b8e555748b Configure Function app slots to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-09-19 17:41:40
08cf2974-d178-48a0-b26d-f6b8e555748b
App Service a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b Configure App Service apps to turn off remote debugging Remote debugging requires inbound ports to be opened on an App Service app. Remote debugging should be turned off. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Website Contributor
add
2022-09-19 17:41:40
a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b
Regulatory Compliance 3153d9c0-2584-14d3-362d-578b01358aeb Retain training records CMA_0456 - Retain training records Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3153d9c0-2584-14d3-362d-578b01358aeb
Kubernetes e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Enforce container CPU and memory resource limits to prevent resource exhaustion attacks in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (8.0.0 > 9.0.0)
Regulatory Compliance d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network CMA_C1633 - Route traffic through authenticated proxy network Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
d91558ce-5a5c-551b-8fbb-83f793255e09
Regulatory Compliance 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality CMA_C1613 - Require developers to describe accurate security functionality Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
3e37c891-840c-3eb4-78d2-e2e0bb5063e0
Regulatory Compliance f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture CMA_C1612 - Require developers to build security architecture Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
f131c8c5-a54a-4888-1efc-158928924bc1
Regulatory Compliance e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) CMA_C1158 - Assign an authorizing official (AO) Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
e29a8f1b-149b-2fa3-969d-ebee1baa9472
Regulatory Compliance 92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication CMA_0295 - Identify actions allowed without authentication Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
92a7591f-73b3-1173-a09c-a08882d84c70
Regulatory Compliance 68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges CMA_C1041 - Enforce software execution privileges Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
68d2e478-3b19-23eb-1357-31b296547457
Regulatory Compliance c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements CMA_0192 - Document organizational access agreements Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
c981fa70-2e58-8141-1457-e7f62ebc2ade
App Service fd34e936-069e-4fe5-bac6-f7c9824caab6 App Service app slots should use an Azure file share for its content directory The content directory of an app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. Default
Audit
Allowed
Audit, Disabled
add
2022-09-19 17:41:40
fd34e936-069e-4fe5-bac6-f7c9824caab6
App Service e1a09430-221d-4d4c-a337-1edb5a1fa9bb Function app slots should require FTPS only Enable FTPS enforcement for enhanced security. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-19 17:41:40
e1a09430-221d-4d4c-a337-1edb5a1fa9bb
Regulatory Compliance 00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC CMA_C1567 - Integrate risk management process into SDLC Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
00f12b6f-10d7-8117-9577-0f2b76488385
Regulatory Compliance 085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes CMA_C1596 - Require developers to implement only approved changes Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
085467a6-9679-5c65-584a-f55acefd0d43
Regulatory Compliance 178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site CMA_C1268 - Ensure alternate storage site safeguards are equivalent to primary site Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
178c8b7e-1b6e-4289-44dd-2f1526b678a1
Regulatory Compliance 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests CMA_C1710 - Notify personnel of any failed security verification tests Default
Manual
Allowed
Manual, Disabled
add
2022-09-19 17:41:40
18e9d748-73d4-0c96-55ab-b108bfbd5bc3
Kubernetes f4a8fce0-2dd5-4c21-9a36-8f0ec809d663 Kubernetes cluster pod FlexVolume volumes should only use allowed drivers Pod FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
change
2022-09-19 17:41:40
Major (4.0.0 > 5.0.0)
Regulatory Compliance 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions CMA_C1263 - Initiate contingency plan testing corrective actions Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8bfdbaa6-6824-3fec-9b06-7961bf7389a6
Regulatory Compliance 44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability CMA_C1124 - Provide audit review, analysis, and reporting capability Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
44f8a42d-739f-8030-89a8-4c2d5b3f6af3
Regulatory Compliance 13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters CMA_C1029 - Information flow control using security policy filters Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
13ef3484-3a51-785a-9c96-500f21f84edd
Regulatory Compliance c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts CMA_0205 - Document the information system environment in acquisition contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c148208b-1a6f-a4ac-7abc-23b1d41121b1
Regulatory Compliance d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session CMA_0421 - Reauthenticate or terminate a user session Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d6653f89-7cb5-24a4-9d71-51581038231b
Regulatory Compliance c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers CMA_0247 - Enforce random unique session identifiers Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c7d57a6a-7cc2-66c0-299f-83bf90558f5d
Regulatory Compliance 27ab3ac0-910d-724d-0afa-1a2a01e996c0 Respond to rectification requests CMA_0442 - Respond to rectification requests Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
27ab3ac0-910d-724d-0afa-1a2a01e996c0
Regulatory Compliance e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties CMA_0204 - Document separation of duties Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
e6f7b584-877a-0d69-77d4-ab8b923a9650
Regulatory Compliance 97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership CMA_0269 - Establish conditions for role membership Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
97cfd944-6f0c-7db2-3796-8e890ef70819
Regulatory Compliance 34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection CMA_0332 - Information security and personal data protection Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
34738025-5925-51f9-1081-f2d0060133ed
Regulatory Compliance 9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information CMA_C1085 - Review content prior to posting publicly accessible information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9e3c505e-7aeb-2096-3417-b132242731fc
Regulatory Compliance f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting CMA_0339 - Integrate audit review, analysis, and reporting Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f741c4e6-41eb-15a4-25a2-61ac7ca232f0
Regulatory Compliance c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer CMA_0381 - Notify upon termination or transfer Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c79d378a-2521-822a-0407-57454f8d2c74
Regulatory Compliance 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices CMA_C1632 - Prevent split tunneling for remote devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8
Regulatory Compliance 2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist CMA_0068 - Configure detection whitelist Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
2927e340-60e4-43ad-6b5f-7a1468232cc2
Regulatory Compliance 67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations CMA_0140 - Determine supplier contract obligations Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
67ada943-8539-083d-35d0-7af648974125
Regulatory Compliance 8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions CMA_C1203 - Enforce and audit access restrictions Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8cd815bf-97e1-5144-0735-11f6ddb50a59
Regulatory Compliance 9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats CMA_0417 - Provide security awareness training for insider threats Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9b8b05ec-3d21-215e-5d98-0f7cf0998202
Regulatory Compliance 5023a9e7-8e64-2db6-31dc-7bce27f796af Provide privacy notice to the public and to individuals CMA_C1861 - Provide privacy notice to the public and to individuals Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5023a9e7-8e64-2db6-31dc-7bce27f796af
Regulatory Compliance 341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties CMA_0116 - Define access authorizations to support separation of duties Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
341bc9f1-7489-07d9-4ec6-971573e1546a
Regulatory Compliance 84245967-7882-54f6-2d34-85059f725b47 Establish an information security program CMA_0263 - Establish an information security program Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
84245967-7882-54f6-2d34-85059f725b47
Regulatory Compliance c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls CMA_C1145 - Assess Security Controls Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c423e64d-995c-9f67-0403-b540f65ba42a
Regulatory Compliance b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan CMA_0151 - Develop and establish a system security plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b2ea1058-8998-3dd1-84f1-82132ad482fd
Regulatory Compliance 3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators CMA_0425 - Refresh authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
3ae68d9a-5696-8c32-62d3-c6f9c52e437c
Regulatory Compliance 7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years CMA_0522 - Update rules of behavior and access agreements every 3 years Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
7ad83b58-2042-085d-08f0-13e946f26f89
Regulatory Compliance 1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records CMA_0535 - Use system clocks for audit records Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1ee4c7eb-480a-0007-77ff-4ba370776266
Monitoring 58e891b9-ce13-4ac3-86e4-ac3e1f20cb07 Configure Linux Virtual Machines to be associated with a Data Collection Rule Deploy Association to link Linux virtual machines to the specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-13 16:35:29
Major (2.0.0 > 3.0.0)
Regulatory Compliance 26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives CMA_C1706 - Implement security directives Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
26d178a4-9261-6f04-a100-47ed85314c6e
Monitoring 59c3d93f-900b-4827-a8bd-562e7b956e7c Configure Linux virtual machine scale sets to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-13 16:35:29
Major (2.1.0 > 3.0.0)
Regulatory Compliance 979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer CMA_0374 - Modify access authorizations upon personnel transfer Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
979ed3b6-83f9-26bc-4b86-5b05464700bf
Regulatory Compliance 6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements CMA_0521 - Update rules of behavior and access agreements Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6610f662-37e9-2f71-65be-502bdc2f554d
Regulatory Compliance a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 CMA_C1106 - Review and update the events defined in AU-02 Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
a930f477-9dcb-2113-8aa7-45bb6fc90861
Regulatory Compliance 4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators CMA_C1321 - Manage Authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
4aacaec9-0628-272c-3e83-0d68446694e0
Regulatory Compliance 92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data CMA_0353 - Maintain records of processing of personal data Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
92ede480-154e-0e22-4dca-8b46a74a3a51
Regulatory Compliance 2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services CMA_0126 - Define requirements for supplying goods and services Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
2b2f3a72-9e68-3993-2b69-13dcdecf8958
Regulatory Compliance b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities CMA_0080 - Control maintenance and repair activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b6ad009f-5c24-1dc0-a25e-74b60e4da45f
Regulatory Compliance 37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan CMA_0352 - Maintain incident response plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
37546841-8ea1-5be0-214d-8ac599588332
Regulatory Compliance 77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts CMA_0207 - Document the protection of cardholder data in third party contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
77acc53d-0f67-6e06-7d04-5750653d4629
Regulatory Compliance e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip CMA_0025 - Authorize, monitor, and control voip Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
e4e1f896-8a93-1151-43c7-0ad23b081ee2
Regulatory Compliance 7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes CMA_C1194 - Automate process to prohibit implementation of unapproved changes Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
7d10debd-4775-85a7-1a41-7e128e0e8c50
Regulatory Compliance 8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties CMA_0422 - Record disclosures of PII to third parties Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8b1da407-5e60-5037-612e-2caa1b590719
Regulatory Compliance 3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements CMA_C1529 - Establish third-party personnel security requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
3881168c-5d38-6f04-61cc-b5d87b2c4c58
Regulatory Compliance 4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation CMA_C1205 - Restrict unauthorized software and firmware installation Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
4ee5975d-2507-5530-a20a-83a725889c6f
Regulatory Compliance 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken CMA_C1365 - Identify classes of Incidents and Actions taken Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
23d1a569-2d1e-7f43-9e22-1f94115b7dd5
Regulatory Compliance 58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan CMA_0509 - Test the business continuity and disaster recovery plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
58a51cde-008b-1a5d-61b5-d95849770677
Regulatory Compliance 5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers CMA_0290 - Govern compliance of cloud service providers Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5c33538e-02f8-0a7f-998b-a4c1e22076d3
Regulatory Compliance b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel CMA_C1421 - Manage maintenance personnel Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d
Regulatory Compliance 043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory CMA_0096 - Create a data inventory Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
043c1e56-5a16-52f8-6af8-583098ff3e60
Regulatory Compliance 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts CMA_0197 - Document requirements for the use of shared data in contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0ba211ef-0e85-2a45-17fc-401d1b3f8f85
Regulatory Compliance f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers CMA_0018 - Assign system identifiers Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f29b17a4-0df2-8a50-058a-8570f9979d28
Regulatory Compliance af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site CMA_0262 - Establish an alternate processing site Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
af5ff768-a34b-720e-1224-e6b3214f3ba6
Regulatory Compliance 433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling CMA_0318 - Implement incident handling Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
433de59e-7a53-a766-02c2-f80f8421469a
Regulatory Compliance 1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process CMA_C1344 - Obscure feedback information during authentication process Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1ff03f2a-974b-3272-34f2-f6cd51420b30
Regulatory Compliance 11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes CMA_0155 - Develop business classification schemes Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
11ba0508-58a8-44de-5f3a-9e05d80571da
Regulatory Compliance 33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning CMA_C1252 - Conduct capacity planning Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
33602e78-35e3-4f06-17fb-13dd887448e4
Regulatory Compliance c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing CMA_0540 - Verify personal data is deleted at the end of processing Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63
Regulatory Compliance 72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators CMA_0538 - Verify identity before distributing authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
72889284-15d2-90b2-4b39-a1e9541e1152
Regulatory Compliance 1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities CMA_0364 - Manage nonlocal maintenance and diagnostic activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1fb1cb0e-1936-6f32-42fd-89970b535855
Regulatory Compliance 1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control CMA_0390 - Perform audit for configuration change control Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1282809c-9001-176b-4a81-260a085f4872
Regulatory Compliance b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information CMA_C1086 - Review publicly accessible content for nonpublic information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b5244f81-6cab-3188-2412-179162294996
Regulatory Compliance bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points CMA_0484 - Route traffic through managed network access points Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
bab9ef1d-a16d-421a-822d-3fa94e808156
Regulatory Compliance f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts CMA_0194 - Document protection of personal data in acquisition contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f9ec3263-9562-1768-65a1-729793635a8d
Regulatory Compliance d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy CMA_0159 - Develop organization code of conduct policy Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d02498e0-8a6f-6b02-8332-19adf6711d1e
Regulatory Compliance ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy CMA_0188 - Document and distribute a privacy policy Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
ee67c031-57fc-53d0-0cca-96c4c04345e8
Regulatory Compliance 35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program CMA_C1751 - Implement an insider threat program Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
35de8462-03ff-45b3-5746-9d4603c74c56
Regulatory Compliance 8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences CMA_C1871 - Train staff on PII sharing and its consequences Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8019d788-713d-90a1-5570-dac5052f517d
Regulatory Compliance f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption CMA_C1295 - Recover and reconstitute resources after any disruption Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f33c3238-11d2-508c-877c-4262ec1132e1
Regulatory Compliance 0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures CMA_C1114 - Provide real-time alerts for audit event failures Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0f4fa857-079d-9d3d-5c49-21f616189e03
Regulatory Compliance d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy CMA_0258 - Establish a risk management strategy Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d36700f2-2f0d-7c2a-059c-bdadd1d79f70
Regulatory Compliance fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information CMA_C1293 - Separately store backup information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
fc26e2fd-3149-74b4-5988-d64bb90f8ef7
Regulatory Compliance 6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control CMA_C1198 - Assign information security representative to change control Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6abdf7c7-362b-3f35-099e-533ed50988f9
Regulatory Compliance 5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing CMA_C1262 - Review the results of contingency plan testing Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5d3abfea-a130-1208-29c0-e57de80aa6b0
Regulatory Compliance 9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management CMA_0275 - Establish policies for supply chain risk management Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9150259b-617b-596d-3bf5-5ca3fce20335
Regulatory Compliance ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity CMA_0473 - Review file and folder activity Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba
Regulatory Compliance b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts CMA_C1044 - Enforce a limit of consecutive failed login attempts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b4409bff-2287-8407-05fd-c73175a68302
Regulatory Compliance ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records CMA_C1847 - Publish rules and regulations accessing Privacy Act records Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
ad1d562b-a04b-15d3-6770-ed310b601cb5
Regulatory Compliance f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments CMA_C1149 - Select additional testing for security control assessments Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f78fc35e-1268-0bca-a798-afcba9d2330a
Regulatory Compliance 203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis CMA_0057 - Conduct a security impact analysis Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
203101f5-99a3-1491-1b56-acccd9b66a9e
Regulatory Compliance d4f70530-19a2-2a85-6e0c-0c3c465e3325 Make accounting of disclosures available upon request CMA_C1820 - Make accounting of disclosures available upon request Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d4f70530-19a2-2a85-6e0c-0c3c465e3325
Regulatory Compliance 01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection CMA_0328 - Implement system boundary protection Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
01ae60e2-38bb-0a32-7b20-d3a091423409
Monitoring 32ade945-311e-4249-b8a4-a549924234d7 Linux virtual machine scale sets should have Azure Monitor Agent installed Linux virtual machine scale sets should be monitored and secured through the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy will audit virtual machine scale sets with supported OS images in supported regions. Learn more: https://aka.ms/AMAOverview. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-13 16:35:29
Major (2.0.0 > 3.0.0)
Regulatory Compliance b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures CMA_C1352 - Review and update incident response policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c
Regulatory Compliance ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills CMA_0281 - Execute actions in response to information spills Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
ba78efc6-795c-64f4-7a02-91effbd34af9
Regulatory Compliance d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy CMA_0256 - Establish a password policy Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d8bbd80e-3bb1-5983-06c2-428526ec6a63
Regulatory Compliance c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer CMA_C1733 - Appoint a senior information security officer Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928
Regulatory Compliance 42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures CMA_0143 - Develop acceptable use policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
42116f15-5665-a52a-87bb-b40e64c74b6c
Regulatory Compliance 57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts CMA_0201 - Document security functional requirements in acquisition contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
57927290-8000-59bf-3776-90c468ac5b4b
Regulatory Compliance b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks CMA_0527 - Use dedicated machines for administrative tasks Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59
Regulatory Compliance 06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods CMA_0324 - Implement privacy notice delivery methods Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
06f84330-4c27-21f7-72cd-7488afd50244
Regulatory Compliance 29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse CMA_0355 - Manage authenticator lifetime and reuse Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
29363ae1-68cd-01ca-799d-92c9197c8404
Regulatory Compliance 678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices CMA_C1648 - Prohibit remote activation of collaborative computing devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
678ca228-042d-6d8e-a598-c58d5670437d
Regulatory Compliance 8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands CMA_0056 - Conduct a full text analysis of logged privileged commands Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8eea8c14-4d93-63a3-0c82-000343ee5204
Regulatory Compliance 54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information CMA_0253 - Eradicate contaminated information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
54a9c072-4a93-2a03-6a43-a060d30383d7
Regulatory Compliance b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information CMA_C1083 - Designate authorized personnel to post publicly accessible information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b4512986-80f5-1656-0c58-08866bd2673a
Regulatory Compliance b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting CMA_0277 - Establish requirements for audit review and reporting Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b3c8cc83-20d3-3890-8bc8-5568777670f4
Regulatory Compliance 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training CMA_C1095 - Provide periodic role-based security training Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9ac8621d-9acd-55bf-9f99-ee4212cc3d85
Regulatory Compliance 5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes CMA_C1191 - Automate proposed documented changes Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5c40f27b-6791-18c5-3f85-7b863bd99c11
Regulatory Compliance 1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies CMA_C1651 - Define acceptable and unacceptable mobile code technologies Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1afada58-8b34-7ac2-a38a-983218635201
Regulatory Compliance d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises CMA_C1096 - Provide role-based practical exercises Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d041726f-00e0-41ca-368c-b1a122066482
Regulatory Compliance 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices CMA_0396 - Prohibit unfair practices Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b
Regulatory Compliance fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts CMA_C1023 - Enforce appropriate usage of all accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
fd81a1b3-2d7a-107c-507e-29b87d040c19
Regulatory Compliance 52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors CMA_0127 - Define the duties of processors Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
52375c01-4d4c-7acc-3aa4-5b3d53a047ec
Regulatory Compliance 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas CMA_0323 - Implement physical security for offices, working areas, and secure areas Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
05ec66a2-137c-14b8-8e75-3d7a2bef07f8
Regulatory Compliance 18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII CMA_C1827 - Document process to ensure integrity of PII Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
18e7906d-4197-20fa-2f14-aaac21864e71
Regulatory Compliance 8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview CMA_0468 - Review cloud identity report overview Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8aec4343-9153-9641-172c-defb201f56b3
Regulatory Compliance f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers CMA_C1810 - Establish privacy requirements for contractors and service providers Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f8d141b7-4e21-62a6-6608-c79336e36bc9
Regulatory Compliance 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships CMA_0014 - Assess risk in third party relationships Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08
Regulatory Compliance 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information CMA_C1818 - Keep accurate accounting of disclosures of information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01
Regulatory Compliance 4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers CMA_0015 - Assign account managers Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
4c6df5ff-4ef2-4f17-a516-0da9189c603b
Regulatory Compliance 214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit CMA_C1140 - Compile Audit records into system wide audit Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
214ea241-010d-8926-44cc-b90a96d52adc
Regulatory Compliance 7d70383a-32f4-a0c2-61cf-a134851968c2 Determine legal authority to collect PII CMA_C1800 - Determine legal authority to collect PII Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
7d70383a-32f4-a0c2-61cf-a134851968c2
Regulatory Compliance 3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources CMA_C1076 - Establish terms and conditions for accessing resources Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
3c93dba1-84fd-57de-33c7-ef0400a08134
Regulatory Compliance eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures CMA_0189 - Document and implement privacy complaint procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
eab4450d-9e5c-4f38-0656-2ff8c78c83f3
Synapse 1e5ed725-f16c-478b-bd4b-7bfa2f7940b9 Configure Azure Synapse workspaces to use private DNS zones Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to Azure Synapse workspace. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-from-restricted-network#appendix-dns-registration-for-private-endpoint. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Network Contributor
change
2022-09-13 16:35:29
Major (1.0.0 > 2.0.0)
Regulatory Compliance 35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution CMA_0276 - Establish procedures for initial authenticator distribution Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
35963d41-4263-0ef9-98d5-70eb058f9e3c
Regulatory Compliance c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications CMA_C1196 - Automate implementation of approved change notifications Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c72fc0c8-2df8-7506-30be-6ba1971747e1
Regulatory Compliance 97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information CMA_C1084 - Train personnel on disclosure of nonpublic information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
97f0d974-1486-01e2-2088-b888f46c0589
Regulatory Compliance 6ab47bbf-867e-9113-7998-89b58f77326a Respond to complaints, concerns, or questions timely CMA_C1853 - Respond to complaints, concerns, or questions timely Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6ab47bbf-867e-9113-7998-89b58f77326a
Regulatory Compliance 8bb40df9-23e4-4175-5db3-8dba86349b73 Confirm quality and integrity of PII CMA_C1821 - Confirm quality and integrity of PII Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8bb40df9-23e4-4175-5db3-8dba86349b73
Regulatory Compliance 27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory CMA_0266 - Establish and maintain an asset inventory Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
27965e62-141f-8cca-426f-d09514ee5216
Regulatory Compliance e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures CMA_C1530 - Require third-party providers to comply with personnel security policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
e8c31e15-642d-600f-78ab-bad47a5787e6
Regulatory Compliance 92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals CMA_C1193 - Automate process to highlight unreviewed change proposals Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
92b49e92-570f-1765-804a-378e6c592e28
Monitoring ae8a10e6-19d6-44a3-a02d-a2bdfc707742 Configure Linux virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-13 16:35:29
Major (2.1.0 > 3.0.0)
Regulatory Compliance 271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements CMA_0193 - Document personnel acceptance of privacy requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
271a3e58-1b38-933d-74c9-a580006b80aa
Monitoring 1afdc4b6-581a-45fb-b630-f1e6051e3e7a Linux virtual machines should have Azure Monitor Agent installed Linux virtual machines should be monitored and secured through the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy will audit virtual machines with supported OS images in supported regions. Learn more: https://aka.ms/AMAOverview. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
change
2022-09-13 16:35:29
Major (2.0.0 > 3.0.0)
Regulatory Compliance 5226dee6-3420-711b-4709-8e675ebd828f Update information security policies CMA_0518 - Update information security policies Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5226dee6-3420-711b-4709-8e675ebd828f
Regulatory Compliance 964b340a-43a4-4798-2af5-7aedf6cb001b Collect PII directly from the individual CMA_C1822 - Collect PII directly from the individual Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
964b340a-43a4-4798-2af5-7aedf6cb001b
Regulatory Compliance ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts CMA_0203 - Document security strength requirements in acquisition contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
ebb0ba89-6d8c-84a7-252b-7393881e43de
Regulatory Compliance 70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report CMA_C1146 - Produce Security Assessment report Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
70a7a065-a060-85f8-7863-eb7850ed2af9
Regulatory Compliance 8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality CMA_0493 - Separate user and information system management functionality Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8a703eb5-4e53-701b-67e4-05ba2f7930c8
Regulatory Compliance 01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands CMA_C1064 - Authorize remote access to privileged commands Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
01c387ea-383d-4ca9-295a-977fab516b03
Regulatory Compliance 39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program CMA_0257 - Establish a privacy program Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
39eb03c1-97cc-11ab-0960-6209ed2869f7
Regulatory Compliance 3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing CMA_0060 - Conduct incident response testing Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
3545c827-26ee-282d-4629-23952a12008b
Regulatory Compliance 8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection CMA_0238 - Enable network protection Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8c255136-994b-9616-79f5-ae87810e0dcf
Regulatory Compliance d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective CMA_C1368 - Coordinate with external organizations to achieve cross org perspective Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d4e6a629-28eb-79a9-000b-88030e4823ca
Regulatory Compliance 6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements CMA_0271 - Establish electronic signature and certificate requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6f3866e8-6e12-69cf-788c-809d426094a1
Regulatory Compliance fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access CMA_0382 - Notify users of system logon or access Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
fe2dff43-0a8c-95df-0432-cb1c794b17d0
Regulatory Compliance 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements CMA_0122 - Define mobile device requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4
Regulatory Compliance c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information CMA_0054 - Clear personnel with access to classified information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c42f19c9-5d88-92da-0742-371a0ea03126
Regulatory Compliance 85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis CMA_C1120 - Integrate Audit record analysis Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
85335602-93f5-7730-830b-d43426fd51fa
Regulatory Compliance 4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel CMA_C1420 - Maintain list of authorized remote maintenance personnel Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
4ce91e4e-6dab-3c46-011a-aa14ae1561bf
Regulatory Compliance 34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management CMA_C1671 - Incorporate flaw remediation into configuration management Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
34aac8b2-488a-2b96-7280-5b9b481a317a
Regulatory Compliance 575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes CMA_C1192 - Automate approval request for proposed changes Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
575ed5e8-4c29-99d0-0e4d-689fb1d29827
Regulatory Compliance c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology CMA_0306 - Implement a penetration testing methodology Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c2eabc28-1e5c-78a2-a712-7cc176c44c07
Regulatory Compliance b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program CMA_0260 - Establish a threat intelligence program Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b0e3035d-6366-2e37-796e-8bcab9c649e6
Regulatory Compliance aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting CMA_0209 - Employ automatic emergency lighting Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
aa892c0d-2c40-200c-0dd8-eac8c4748ede
Regulatory Compliance 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem CMA_0340 - Integrate cloud app security with a siem Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9
Regulatory Compliance 70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly CMA_0476 - Review role group changes weekly Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
70fe686f-1f91-7dab-11bf-bca4201e183b
Regulatory Compliance 496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination CMA_0058 - Conduct exit interview upon termination Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
496b407d-9b9e-81e8-4ba4-44bc686b016a
Regulatory Compliance 08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators CMA_C1305 - Require use of individual authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
08ad71d0-52be-6503-4908-e015460a16ae
Regulatory Compliance f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system CMA_0354 - Manage a secure surveillance camera system Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f2222056-062d-1060-6dc2-0107a68c34b2
Regulatory Compliance 98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users CMA_0545 - View and investigate restricted users Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
98145a9b-428a-7e81-9d14-ebb154a24f93
Regulatory Compliance 0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria CMA_0187 - Document acquisition contract acceptance criteria Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0803eaa7-671c-08a7-52fd-ac419f775e75
Monitoring 050a90d5-7cce-483f-8f6c-0df462036dda Configure Linux Virtual Machine Scale Sets to be associated with a Data Collection Rule Deploy Association to link Linux virtual machine scale sets to the specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-13 16:35:29
Major (2.0.0 > 3.0.0)
Regulatory Compliance afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices CMA_0279 - Establish security requirements for the manufacturing of connected devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
afbecd30-37ee-a27b-8e09-6ac49951a0ee
Regulatory Compliance 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators CMA_C1339 - Ensure authorized users protect provided authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
37dbe3dc-0e9c-24fa-36f2-11197cbfa207
Regulatory Compliance df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems CMA_0325 - Implement security engineering principles of information systems Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
df2e9507-169b-4114-3a52-877561ee3198
Regulatory Compliance d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process CMA_C1737 - Implement plans of action and milestones for security program process Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d93fe1be-13e4-421d-9c21-3158e2fa2667
Regulatory Compliance 477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M CMA_C1156 - Develop POA&M Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
477bd136-7dd9-55f8-48ac-bae096b86a07
Regulatory Compliance 1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources CMA_C1364 - Include dynamic reconfig of customer deployed resources Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1e0d5ba8-a433-01aa-829c-86b06c9631ec
Regulatory Compliance 6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria CMA_C1492 - Develop SSP that meets criteria Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6b957f60-54cd-5752-44d5-ff5a64366c93
Regulatory Compliance b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests CMA_0319 - Implement methods for consumer requests Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e
Regulatory Compliance 37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events CMA_0013 - Assess information security events Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
37b0045b-3887-367b-8b4d-b9a6fa911bb9
Regulatory Compliance 3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers CMA_0321 - Implement parameters for memorized secret verifiers Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
3b30aa25-0f19-6c04-5ca4-bd3f880a763d
Regulatory Compliance aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system CMA_0338 - Install an alarm system Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
aa0ddd99-43eb-302d-3f8f-42b499182960
Regulatory Compliance 8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation CMA_C1723 - Perform information input validation Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8b1f29eb-1b22-4217-5337-9207cb55231e
Regulatory Compliance 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review CMA_0515 - Undergo independent security review Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9b55929b-0101-47c0-a16e-d6ac5c7d21f8
Regulatory Compliance c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans CMA_0086 - Coordinate contingency plans with related plans Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c5784049-959f-6067-420c-f4cefae93076
Regulatory Compliance 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise CMA_C1702 - Discover any indicators of compromise Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
07b42fb5-027e-5a3c-4915-9d9ef3020ec7
Regulatory Compliance 0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data CMA_0544 - View and configure system diagnostic data Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0123edae-3567-a05a-9b05-b53ebe9d3e7e
Regulatory Compliance e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening CMA_0322 - Implement personnel screening Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
e0c480bf-0d68-a42d-4cbb-b60f851f8716
Monitoring 17b3de92-f710-4cf4-aa55-0e7859f1ed7b [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs Configure system-assigned managed identity to virtual machines hosted in Azure that are supported by Azure Monitor and do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Azure Monitor assignments and must be added to machines before using any Azure Monitor extension. Target virtual machines must be in a supported location. Default
Modify
Allowed
Modify, Disabled
count: 003
Managed Identity Contributor
Managed Identity Operator
Virtual Machine Contributor
change
2022-09-13 16:35:29
Major, suffix remains equal (5.0.0-preview > 6.0.0-preview)
Regulatory Compliance 0461cacd-0b3b-4f66-11c5-81c9b19a3d22 Verify inaccurate or outdated PII CMA_C1823 - Verify inaccurate or outdated PII Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0461cacd-0b3b-4f66-11c5-81c9b19a3d22
Regulatory Compliance 4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures CMA_0268 - Establish backup policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
4f23967c-a74b-9a09-9dc2-f566f61a87b9
Regulatory Compliance 7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site CMA_C1294 - Transfer backup information to an alternate storage site Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
7bdb79ea-16b8-453e-4ca4-ad5b16012414
Regulatory Compliance a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract CMA_0200 - Document security documentation requirements in acquisition contract Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
a465e8e9-0095-85cb-a05f-1dd4960d02af
Regulatory Compliance dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs CMA_C1750 - Determine information protection needs Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
dbcef108-7a04-38f5-8609-99da110a2a57
Regulatory Compliance 1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available CMA_C1867 - Ensure privacy program information is publicly available Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1beb1269-62ee-32cd-21ad-43d6c9750eb6
Regulatory Compliance 423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards CMA_0161 - Develop security safeguards Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
423f6d9c-0c73-9cc6-64f4-b52242490368
Regulatory Compliance 7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities CMA_C1422 - Designate personnel to supervise unauthorized maintenance activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
7a489c62-242c-5db9-74df-c073056d6fa3
Regulatory Compliance 1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users CMA_0419 - Provide security training for new users Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1cb7bf71-841c-4741-438a-67c65fdd7194
Regulatory Compliance 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes CMA_0267 - Establish authenticator types and processes Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0
Monitoring 2ea82cdd-f2e8-4500-af75-67a2e084ca74 Configure Linux Machines to be associated with a Data Collection Rule Deploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-09-13 16:35:29
Major (4.0.0 > 5.0.0)
Regulatory Compliance 68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions CMA_0280 - Establish voip usage restrictions Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
68a39c2b-0f17-69ee-37a3-aa10f9853a08
Monitoring a4034bc6-ae50-406d-bf76-50f4ee5a7811 Configure Linux virtual machines to run Azure Monitor Agent with system-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-13 16:35:29
Major (2.1.0 > 3.0.0)
Regulatory Compliance 2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access CMA_0418 - Provide security training before providing access Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
2b05dca2-25ec-9335-495c-29155f785082
Regulatory Compliance ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies CMA_C1652 - Establish usage restrictions for mobile code technologies Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
ffdaa742-0d6f-726f-3eac-6e6c34e36c93
Regulatory Compliance 6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions CMA_0380 - Notify personnel upon sanctions Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6228396e-2ace-7ca5-3247-45767dbf52f4
Regulatory Compliance 5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process CMA_0317 - Implement formal sanctions process Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5decc032-95bd-2163-9549-a41aba83228e
Regulatory Compliance f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance CMA_C1533 - Monitor third-party provider compliance Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f8ded0c6-a668-9371-6bb6-661d58787198
Regulatory Compliance 426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices CMA_0220 - Enable detection of network devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
426c172c-9914-10d1-25dd-669641fc1af4
Regulatory Compliance f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly CMA_0461 - Review administrator assignments weekly Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f27a298f-9443-014a-0d40-fef12adf0259
Regulatory Compliance 60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals CMA_0492 - Separate duties of individuals Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
60ee1260-97f0-61bb-8155-5d8b75743655
Regulatory Compliance 36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices CMA_0083 - Control use of portable storage devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
36b74844-4a99-4c80-1800-b18a516d1585
Regulatory Compliance 04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines CMA_0190 - Document and implement wireless access guidelines Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
04b3e7f6-4841-888d-4799-cda19a0084f6
Regulatory Compliance 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training CMA_0413 - Provide information spillage training Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
2d4d0e90-32d9-4deb-2166-a00d51ed57c0
Regulatory Compliance cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items CMA_C1157 - Update POA&M items Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
cc057769-01d9-95ad-a36f-1e62a7f9540b
Regulatory Compliance 80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees CMA_0398 - Protect against and prevent data theft from departing employees Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
80a97208-264e-79da-0cc7-4fca179a0c9c
Regulatory Compliance 6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use CMA_0450 - Restrict media use Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6122970b-8d4a-7811-0278-4c6c68f61e4f
Regulatory Compliance 516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training CMA_C1091 - Provide periodic security awareness training Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
516be556-1353-080d-2c2f-f46f000d5785
Regulatory Compliance c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes CMA_C1204 - Review changes for any unauthorized changes Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c246d146-82b0-301f-32e7-1065dcd248b7
Regulatory Compliance 5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications CMA_0449 - Restrict communications Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5020f3f4-a579-2f28-72a8-283c5a0b15f9
Regulatory Compliance 0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity CMA_C1824 - Issue guidelines for ensuring data quality and integrity Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
0a24f5dc-8c40-94a7-7aee-bb7cd4781d37
Regulatory Compliance 93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information CMA_0052 - Categorize information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
93fa357f-2e38-22a9-5138-8cc5124e1923
Monitoring 56a3e4f8-649b-4fac-887e-5564d11e8d3a Configure Linux virtual machine scale sets to run Azure Monitor Agent with system-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-09-13 16:35:29
Major (2.1.0 > 3.0.0)
Regulatory Compliance 79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information CMA_0206 - Document the legal basis for processing personal information Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
79c75b38-334b-1a69-65e0-a9d929a42f75
Regulatory Compliance 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan CMA_C1144 - Develop security assessment plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6
Regulatory Compliance 8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers CMA_0270 - Establish configuration management requirements for developers Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8747b573-8294-86a0-8914-49e9b06a5ace
Regulatory Compliance 2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment CMA_C1206 - Limit privileges to make changes in production environment Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
2af551d5-1775-326a-0589-590bfb7e9eb2
Regulatory Compliance eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism CMA_0208 - Employ a media sanitization mechanism Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
eaaae23f-92c9-4460-51cf-913feaea4d52
Regulatory Compliance 62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices CMA_C1649 - Explicitly notify use of collaborative computing devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
62fa14f0-4cbe-762d-5469-0899a99b98aa
Regulatory Compliance d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment CMA_0387 - Perform a privacy impact assessment Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d18af1ac-0086-4762-6dc8-87cdded90e39
Regulatory Compliance 5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs CMA_C1181 - Retain previous versions of baseline configs Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5e4e9685-3818-5934-0071-2620c4fa2ca5
Regulatory Compliance 069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data CMA_0385 - Obtain consent prior to collection or processing of personal data Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
069101ac-4578-31da-0cd4-ff083edd3eb4
Regulatory Compliance c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages CMA_C1724 - Generate error messages Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3
Regulatory Compliance d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access CMA_0411 - Protect wireless access Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d42a8f69-a193-6cbc-48b9-04a9e29961f1
Regulatory Compliance 4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period CMA_C1314 - Prevent identifier reuse for the defined time period Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
4781e5fd-76b8-7d34-6df3-a0a7fca47665
Regulatory Compliance 509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements CMA_0248 - Enforce rules of behavior and access agreements Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
509552f5-6528-3540-7959-fbeae4832533
Regulatory Compliance 13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts CMA_0199 - Document security assurance requirements in acquisition contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
13efd2d7-3980-a2a4-39d0-527180c009e8
Regulatory Compliance e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer CMA_0424 - Reevaluate access upon personnel transfer Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
e89436d8-6a93-3b62-4444-1d2a42ad56b2
Regulatory Compliance af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures CMA_0158 - Develop information security policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
af227964-5b8b-22a2-9364-06d2cb9d6d7c
Regulatory Compliance b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions CMA_0333 - Initiate transfer or reassignment actions Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b8a9bb2f-7290-3259-85ce-dca7d521302d
Regulatory Compliance 055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard CMA_0152 - Develop and maintain a vulnerability management standard Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
055da733-55c6-9e10-8194-c40731057ec4
Regulatory Compliance 623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types CMA_0121 - Define information system account types Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
623b5f0a-8cbd-03a6-4892-201d27302f0c
Regulatory Compliance f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events CMA_0471 - Review controlled folder access events Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
f48b60c6-4b37-332f-7288-b6ea50d300eb
Regulatory Compliance 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes CMA_C1195 - Automate process to document implemented changes Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8
Regulatory Compliance 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel CMA_C1705 - Disseminate security alerts to personnel Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
9c93ef57-7000-63fb-9b74-88f2e17ca5d2
Regulatory Compliance 585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges CMA_C1207 - Review and reevaluate privileges Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
585af6e9-90c0-4575-67a7-2f9548972e32
Regulatory Compliance d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts CMA_0195 - Document protection of security information in acquisition contracts Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
d78f95ba-870a-a500-6104-8a5ce2534f19
Regulatory Compliance 098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice CMA_0414 - Provide privacy notice Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
098a7b84-1031-66d8-4e78-bd15b5fd2efb
Regulatory Compliance 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment CMA_0388 - Perform a risk assessment Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc
Regulatory Compliance 291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies CMA_C1653 - Authorize, monitor, and control usage of mobile code technologies Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
291f20d4-8d93-1d73-89f3-6ce28b825563
Regulatory Compliance a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges CMA_0186 - Document access privileges Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
a08b18c7-9e0a-89f1-3696-d80902196719
Regulatory Compliance 6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior CMA_0465 - Review and sign revised rules of behavior Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
6c0a312f-04c5-5c97-36a5-e56763a02b6b
Regulatory Compliance 10874318-0bf7-a41f-8463-03e395482080 Correlate audit records CMA_0087 - Correlate audit records Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
10874318-0bf7-a41f-8463-03e395482080
Regulatory Compliance b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review CMA_0391 - Perform disposition review Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b5a4be05-3997-1731-3260-98be653610f6
Regulatory Compliance 4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets CMA_0370 - Manage the transportation of assets Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
4ac81669-00e2-9790-8648-71bc11bc91eb
Regulatory Compliance a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks CMA_0486 - Run simulation attacks Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
a8f9c283-9a66-3eb3-9e10-bdba95b85884
Regulatory Compliance 5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities CMA_C1555 - Implement privileged access for executing vulnerability scanning activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5b802722-71dd-a13d-2e7e-231e09589efb
Regulatory Compliance b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly CMA_C1832 - Evaluate and review PII holdings regularly Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
b6b32f80-a133-7600-301e-398d688e7e0c
Regulatory Compliance 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources CMA_C1077 - Establish terms and conditions for processing resources Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
5715bf33-a5bd-1084-4e19-bc3c83ec1c35
Regulatory Compliance 21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records CMA_C1126 - Provide capability to process customer-controlled audit records Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
21633c09-804e-7fcd-78e3-635c6bfe2be7
Regulatory Compliance 8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results CMA_C1147 - Deliver security assessment results Default
Manual
Allowed
Manual, Disabled
add
2022-09-13 16:35:29
8e49107c-3338-40d1-02aa-d524178a2afe
Regulatory Compliance bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CMA_0265 - Establish and document change control processes Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
bd4dc286-2f30-5b95-777c-681f3a7913d3
Regulatory Compliance b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management CMA_C1199 - Ensure cryptographic mechanisms are under configuration management Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
b8dad106-6444-5f55-307e-1e1cc9723e39
Regulatory Compliance 056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements CMA_0487 - Satisfy token quality requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
056a723b-4946-9d2a-5243-3aa27c4d31a1
Regulatory Compliance b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption CMA_0403 - Protect data in transit using encryption Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
b11697e8-9515-16f1-7a35-477d5c8a1344
Regulatory Compliance a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities CMA_C1108 - Configure Azure Audit capabilities Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
a3e98638-51d4-4e28-910a-60e98c1a756f
Regulatory Compliance 1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities CMA_0507 - Support personal verification credentials issued by legal authorities Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
1d39b5d9-0392-8954-8359-575ce1957d1a
Regulatory Compliance 6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data CMA_0466 - Review audit data Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
6625638f-3ba1-7404-5983-0ea33d719d34
Regulatory Compliance af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization CMA_0495 - Set automated notifications for new and trending cloud applications in your organization Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
af38215f-70c4-0cd6-40c2-c52d86690a45
Regulatory Compliance b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices CMA_0062 - Configure actions for noncompliant devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
b53aa659-513e-032c-52e6-1ce0ba46582f
Regulatory Compliance 3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines CMA_0196 - Document remote access guidelines Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
3d492600-27ba-62cc-a1c3-66eb919f6a0d
Regulatory Compliance c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system CMA_C1133 - Maintain integrity of audit system Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
c0559109-6a27-a217-6821-5a6d44f92897
Regulatory Compliance e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management CMA_0533 - Use privileged identity management Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
e714b481-8fac-64a2-14a9-6f079b2501a4
Regulatory Compliance 7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board CMA_0254 - Establish a configuration control board Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
7380631c-5bf5-0e3a-4509-0873becd8a63
Regulatory Compliance 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization CMA_0226 - Enable dual or joint authorization Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6
Regulatory Compliance 48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization CMA_0376 - Monitor access across the organization Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
48c816c5-2190-61fc-8806-25d6f3df162f
Security Center 951c1558-50a5-4ca3-abb6-a93e3e2367a6 Configure Microsoft Defender for SQL to be enabled on Synapse workspaces Enable Microsoft Defender for SQL on your Azure Synapse workspaces to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit SQL databases. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
SQL Security Manager
add
2022-09-02 16:33:37
951c1558-50a5-4ca3-abb6-a93e3e2367a6
Regulatory Compliance 55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access CMA_0081 - Control physical access Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
55a7f9a0-6397-7589-05ef-5ed59a8149e7
Regulatory Compliance 63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways CMA_0363 - Manage gateways Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
63f63e71-6c3f-9add-4c43-64de23e554a7
Regulatory Compliance fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly CMA_0479 - Review threat protection status weekly Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
fad161f5-5261-401a-22dd-e037bae011bd
Regulatory Compliance de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation CMA_0431 - Require approval for account creation Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
de770ba6-50dd-a316-2932-e0d972eaa734
Guest Configuration 2454bbee-dc19-442f-83fc-7f3114cafd91 Windows machines should use the default NTP server Set up 'time.windows.com' as the default NTP server for all Windows machines to ensure logs across all systems have system clocks that are all in sync. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-02 16:33:37
2454bbee-dc19-442f-83fc-7f3114cafd91
Regulatory Compliance e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators CMA_0329 - Implement training for protecting authenticators Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
e4b00788-7e1c-33ec-0418-d048508e095b
Security Center d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Enable Defender for SQL to protect your Synapse workspaces. Defender for SQL monitors your Synapse SQL to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-02 16:33:37
d31e5c31-63b2-4f12-887b-e49456834fa1
Regulatory Compliance 2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events CMA_0137 - Determine auditable events Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
2f67e567-03db-9d1f-67dc-b6ffb91312f4
Regulatory Compliance 49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status CMA_0020 - Audit user account status Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
49c23d9b-02b0-0e42-4f94-e8cef1b8381b
Regulatory Compliance be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws CMA_0427 - Remediate information system flaws Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
be38a620-000b-21cf-3cb3-ea151b704c3b
Guest Configuration d96163de-dbe0-45ac-b803-0e9ca0f5764e Windows machines should configure Windows Defender to update protection signatures within one day To provide adequate protection against newly released malware, Windows Defender protection signatures need to be updated regularly to account for newly released malware. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-02 16:33:37
d96163de-dbe0-45ac-b803-0e9ca0f5764e
Regulatory Compliance d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management CMA_0123 - Define organizational requirements for cryptographic key management Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c
Regulatory Compliance cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites CMA_0315 - Implement controls to secure alternate work sites Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e
Regulatory Compliance 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards CMA_0272 - Establish firewall and router configuration standards Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
398fdbd8-56fd-274d-35c6-fa2d3b2755a1
Regulatory Compliance 34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts CMA_0368 - Manage system and admin accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
34d38ea7-6754-1838-7031-d7fd07099821
Regulatory Compliance 3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information CMA_C1644 - Maintain availability of information Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
3ad7f0bc-3d03-0585-4d24-529779bb02c2
Guest Configuration b3248a42-b1c1-41a4-87bc-8bad3d845589 Windows machines should enable Windows Defender Real-time protection Windows machines should enable Real-time protection in Windows Defender to provide adequate protection against newly released malware. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-02 16:33:37
b3248a42-b1c1-41a4-87bc-8bad3d845589
Regulatory Compliance 86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved CMA_C1700 - Detect network services that have not been authorized or approved Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
86ecd378-a3a0-5d5b-207c-05e6aaca43fc
Regulatory Compliance 03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model CMA_0129 - Design an access control model Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
03b6427e-6072-4226-4bd9-a410ab65317e
Regulatory Compliance 7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed CMA_C1040 - Reassign or remove user privileges as needed Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
7805a343-275c-41be-9d62-7215b96212d8
Regulatory Compliance 10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access CMA_0245 - Enforce logical access Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
10c4210b-3ec9-9603-050d-77e4d26c7ebb
Regulatory Compliance e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data CMA_0369 - Manage the input, output, processing, and storage of data Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2
Regulatory Compliance c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use CMA_0120 - Define cryptographic use Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42
Regulatory Compliance 5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution CMA_0514 - Turn on sensors for endpoint security solution Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
5fc24b95-53f7-0ed1-2330-701b539b97fe
Regulatory Compliance 7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data CMA_0455 - Retain terminated user data Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
7c7032fe-9ce6-9092-5890-87a1a3755db1
Regulatory Compliance 3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB CMA_0050 - Block untrusted and unsigned processes that run from USB Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
3d399cf3-8fc6-0efc-6ab0-1412f1198517
Regulatory Compliance efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures CMA_0454 - Retain security policies and procedures Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
efef28d0-3226-966a-a1e8-70e89c1b30bc
Regulatory Compliance ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions CMA_0517 - Update antivirus definitions Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65
Regulatory Compliance ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions CMA_C1708 - Verify security functions Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
ece8bb17-4080-5127-915f-dc7267ee8549
Regulatory Compliance 873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts CMA_0446 - Restrict access to privileged accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
873895e8-0e3a-6492-42e9-22cd030e9fcd
Regulatory Compliance 2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management CMA_0026 - Automate account management Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
2cc9c165-46bd-9762-5739-d2aae5ba90a1
Regulatory Compliance 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow CMA_0079 - Control information flow Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
59bedbdc-0ba9-39b9-66bb-1d1c192384e6
Regulatory Compliance 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly CMA_0475 - Review malware detections report weekly Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
4a6f5cbd-6c6b-006f-2bb1-091af1441bce
Regulatory Compliance 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information CMA_0211 - Employ flow control mechanisms of encrypted information Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
79365f13-8ba4-1f6c-2ac4-aa39929f56d0
Regulatory Compliance 6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module CMA_0021 - Authenticate to cryptographic module Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
6f1de470-79f3-1572-866e-db0771352fc8
Regulatory Compliance 97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates CMA_0347 - Issue public key certificates Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
97d91b33-7050-237b-3e23-a77d57d84e13
Security Center f85bf3e0-d513-442e-89c3-1784ad63382b [Preview]: System updates should be installed on your machines (powered by Update Center) Your machines are missing system, security, and critical updates. Software updates often include critical patches to security holes. Such holes are frequently exploited in malware attacks so it's vital to keep your software updated. To install all outstanding patches and secure your machines, follow the remediation steps. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-02 16:33:37
f85bf3e0-d513-442e-89c3-1784ad63382b
Storage f81e3117-0093-4b17-8a60-82363134f0eb Configure secure transfer of data on a storage account Secure transfer is an option that forces the storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking. Default
Modify
Allowed
Modify, Disabled
count: 001
Storage Account Contributor
add
2022-09-02 16:33:37
f81e3117-0093-4b17-8a60-82363134f0eb
Regulatory Compliance 3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure CMA_0255 - Establish a data leakage management procedure Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
3c9aa856-6b86-35dc-83f4-bc72cec74dea
Regulatory Compliance dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access CMA_0024 - Authorize remote access Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c
Regulatory Compliance 2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations CMA_0153 - Develop and maintain baseline configurations Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
2f20840e-7925-221c-725d-757442753e7c
Regulatory Compliance 8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys CMA_0445 - Restrict access to private keys Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
8d140e8b-76c7-77de-1d46-ed1b2e112444
Regulatory Compliance 333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities CMA_0289 - Govern and monitor audit processing activities Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
333b4ada-4a02-0648-3d4d-d812974f1bb2
Regulatory Compliance 4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically CMA_C1054 - Terminate user session automatically Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
4502e506-5f35-0df4-684f-b326e3cc7093
Regulatory Compliance 058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings CMA_0249 - Enforce security configuration settings Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
058e9719-1ff9-3653-4230-23f76b6492e0
Regulatory Compliance c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges CMA_0298 - Identify and manage downstream information exchanges Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c
Regulatory Compliance 0e696f5a-451f-5c15-5532-044136538491 Protect audit information CMA_0401 - Protect audit information Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
0e696f5a-451f-5c15-5532-044136538491
Regulatory Compliance 7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements CMA_0136 - Determine assertion requirements Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
7a0ecd94-3699-5273-76a5-edb8499f655a
Regulatory Compliance a315c657-4a00-8eba-15ac-44692ad24423 Protect special information CMA_0409 - Protect special information Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
a315c657-4a00-8eba-15ac-44692ad24423
Regulatory Compliance 32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate CMA_0483 - Revoke privileged roles as appropriate Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
32f22cfa-770b-057c-965b-450898425519
Regulatory Compliance eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data CMA_0481 - Review user groups and applications with access to sensitive data Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
eb1c944e-0e94-647b-9b7e-fdb8d2af0838
Regulatory Compliance 518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training CMA_0415 - Provide privacy training Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
518eafdd-08e5-37a9-795b-15a8d798056d
Regulatory Compliance 83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training CMA_0191 - Document mobility training Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
83dfb2b8-678b-20a0-4c44-5c75ada023e6
Regulatory Compliance aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CMA_0022 - Authorize access to security functions and information Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
aeed863a-0f56-429f-945d-8bb66bd06841
Regulatory Compliance e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information CMA_C1558 - Correlate Vulnerability scan information Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
e3905a3c-97e7-0b4f-15fb-465c0927536f
Regulatory Compliance 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process CMA_0115 - Define a physical key management process Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7
Regulatory Compliance e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness CMA_0250 - Enforce user uniqueness Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
e336d5f4-4d8f-0059-759c-ae10f63d1747
Regulatory Compliance b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CMA_0246 - Enforce mandatory and discretionary access control policies Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
b1666a13-8f67-9c47-155e-69e027ff6823
Regulatory Compliance 79f081c7-1634-01a1-708e-376197999289 Review user accounts CMA_0480 - Review user accounts Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
79f081c7-1634-01a1-708e-376197999289
Storage 13502221-8df0-4414-9937-de9c5c4e396b Configure your Storage account public access to be disallowed Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it. Default
Modify
Allowed
Modify, Disabled
count: 001
Storage Account Contributor
add
2022-09-02 16:33:37
13502221-8df0-4414-9937-de9c5c4e396b
Regulatory Compliance e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media CMA_0314 - Implement controls to secure all media Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
e435f7e3-0dd9-58c9-451f-9b44b96c0232
Regulatory Compliance 2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan CMA_0145 - Develop an incident response plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
2b4e134f-1e4c-2bff-573e-082d85479b6e
Guest Configuration 3810e389-1d92-4f77-9267-33bdcf0bd225 Windows machines should schedule Windows Defender to perform a scheduled scan every day Windows machines should schedule Windows Defender to perform a scheduled scan every day to ensure that malware is quickly identified to minimize the effect this may have on the environment. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-09-02 16:33:37
3810e389-1d92-4f77-9267-33bdcf0bd225
Regulatory Compliance 50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CMA_0023 - Authorize and manage access Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
50e9324a-7410-0539-0662-2c1e775538b7
Regulatory Compliance ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment CMA_0378 - Monitor privileged role assignment Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
ed87d27a-9abf-7c71-714c-61d881889da4
Regulatory Compliance f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges CMA_C1039 - Review user privileges Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
f96d2186-79df-262d-3f76-f371e3b71798
Regulatory Compliance b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption CMA_0408 - Protect passwords with encryption Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
b2d3e5a2-97ab-5497-565a-71172a729d93
Regulatory Compliance 26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates CMA_0073 - Configure workstations to check for digital certificates Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
26daf649-22d1-97e9-2a8a-01b182194d59
Regulatory Compliance db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity CMA_0542 - Verify software, firmware and information integrity Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
db28735f-518f-870e-15b4-49623cbe3aa0
Regulatory Compliance f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment CMA_0273 - Establish network segmentation for card holder data environment Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
f476f3b0-4152-526e-a209-44e5f8c968d7
Regulatory Compliance 1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access CMA_0212 - Employ least privilege access Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
1bc7fd64-291f-028e-4ed6-6e07886e163f
Regulatory Compliance 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys CMA_0367 - Manage symmetric cryptographic keys Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
9c276cf3-596f-581a-7fbd-f5e46edaa0f4
Regulatory Compliance 2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations CMA_0202 - Document security operations Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
2c6bee3a-2180-2430-440d-db3c7a849870
Regulatory Compliance 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed CMA_0383 - Notify when account is not needed Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
8489ff90-8d29-61df-2d84-f9ab0f4c5e84
Regulatory Compliance 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans CMA_0393 - Perform vulnerability scans Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f
Regulatory Compliance a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs CMA_0460 - Review account provisioning logs Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
a830fe9e-08c9-a4fb-420c-6f6bf1702395
Regulatory Compliance e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics CMA_0474 - Review label activity and analytics Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
e23444b9-9662-40f3-289e-6d25c02b48fa
Regulatory Compliance 33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool CMA_0311 - Implement an automated configuration management tool Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
33832848-42ab-63f3-1a55-c0ad309d44cd
Regulatory Compliance 50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats CMA_0389 - Perform a trend analysis on threats Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
50e81644-923d-33fc-6ebb-9733bc8d1a06
Regulatory Compliance ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices CMA_0296 - Identify and authenticate network devices Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
ae5345d5-8dab-086a-7290-db43a3272198
Regulatory Compliance d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination CMA_0169 - Disable authenticators upon termination Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10
Regulatory Compliance 526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan CMA_0264 - Establish and document a configuration management plan Default
Manual
Allowed
Manual, Disabled
add
2022-09-02 16:33:37
526ed90e-890f-69e7-0386-ba5c0f1f784f
Storage 59759c62-9a22-4cdf-ae64-074495983fef Configure diagnostic settings for Storage Accounts to Log Analytics workspace Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
add
2022-08-26 16:33:38
59759c62-9a22-4cdf-ae64-074495983fef
Monitoring 2fea0c12-e7d4-4e03-b7bf-c34b2b8d787d [Preview]: Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-08-26 16:33:38
Minor, new suffix: preview (1.0.0 > 1.1.1-preview)
Regulatory Compliance 9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage CMA_0007 - Alert personnel of information spillage Default
Manual
Allowed
Manual, Disabled
add
2022-08-26 16:33:38
9622aaa9-5c49-40e2-5bf8-660b7cd23deb
Monitoring c7f3bf36-b807-4f18-82dc-f480ad713635 [Preview]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for all the VMSS in the Resource Group Deploy a Data Collection Rule for VMInsights and deploy Data Collection Rule Association for all the VMSSs in the Resource Group. The policy asks if enabling of Processes and Dependencies is required and accordingly creates the DCR. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-08-26 16:33:38
Patch, new suffix: preview (1.1.0 > 1.1.1-preview)
Batch c520cefc-285f-40f3-86e2-2efc38ef1f64 Configure Batch accounts to disable public network access Disabling public network access on a Batch account improves security by ensuring your Batch account can only be accessed from a private endpoint. Learn more about disabling public network access at https://docs.microsoft.com/azure/batch/private-connectivity. Default
Modify
Allowed
Modify, Disabled
count: 001
Contributor
add
2022-08-26 16:33:38
c520cefc-285f-40f3-86e2-2efc38ef1f64
App Service 0f98368e-36bc-4716-8ac2-8f8067203b63 Configure App Service apps to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-08-26 16:33:38
0f98368e-36bc-4716-8ac2-8f8067203b63
Key Vault 951af2fa-529b-416e-ab6e-066fd85ac459 Deploy - Configure diagnostic settings for Azure Key Vault to Log Analytics workspace Deploys the diagnostic settings for Azure Key Vault to stream resource logs to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-08-26 16:33:38
Major (1.0.1 > 2.0.1)
Regulatory Compliance 7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms CMA_0005 - Adopt biometric authentication mechanisms Default
Manual
Allowed
Manual, Disabled
add
2022-08-26 16:33:38
7d7a8356-5c34-9a95-3118-1424cfaf192a
App Service a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
change
2022-08-26 16:33:38
Major (2.0.0 > 3.0.0)
Storage 25a70cc8-2bd4-47f1-90b6-1478e4662c96 Configure diagnostic settings for File Services to Log Analytics workspace Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
add
2022-08-26 16:33:38
25a70cc8-2bd4-47f1-90b6-1478e4662c96
Guest Configuration f40c7c00-b4e3-4068-a315-5fe81347a904 [Preview]: Add user-assigned managed identity to enable Guest Configuration assignments on virtual machines This policy adds a user-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration. A user-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. Default
DeployIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled
count: 002
Contributor
User Access Administrator
change
2022-08-26 16:33:38
Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
Key Vault 1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Deleting a key vault without soft delete enabled permanently deletes all secrets, keys, and certificates stored in the key vault. Accidental deletion of a key vault can lead to permanent data loss. Soft delete allows you to recover an accidentally deleted key vault for a configurable retention period. Default
Audit
Allowed
Audit, Deny, Disabled
change
2022-08-26 16:33:38
Major (2.0.0 > 3.0.0)
Security Center 7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Microsoft Defender for APIs brings new discovery, protection, detection, & response coverage to monitor for common API based attacks & security misconfigurations. Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
add
2022-08-26 16:33:38
7926a6d1-b268-4586-8197-e8ae90c877d7
Regulatory Compliance 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined CMA_0004 - Adhere to retention periods defined Default
Manual
Allowed
Manual, Disabled
add
2022-08-26 16:33:38
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1
Storage b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb Configure diagnostic settings for Blob Services to Log Analytics workspace Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
add
2022-08-26 16:33:38
b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb
Regulatory Compliance f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions CMA_0019 - Audit privileged functions Default
Manual
Allowed
Manual, Disabled
add
2022-08-26 16:33:38
f26af0b1-65b6-689a-a03f-352ad2d00f98
Monitoring d55b81e1-984f-4a96-acab-fae204e3ca7f [Preview]: Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-08-26 16:33:38
Minor, new suffix: preview (1.0.0 > 1.1.1-preview)
Storage 2fb86bf3-d221-43d1-96d1-2434af34eaa0 Configure diagnostic settings for Table Services to Log Analytics workspace Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any table Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
add
2022-08-26 16:33:38
2fb86bf3-d221-43d1-96d1-2434af34eaa0
App Service ae1b9a8c-dfce-4605-bd91-69213b4a26fc App Service app slots should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Audit
Allowed
Audit, Disabled, Deny
add
2022-08-26 16:33:38
ae1b9a8c-dfce-4605-bd91-69213b4a26fc
Monitoring bef3f64c-5290-43b7-85b0-9b254eef4c47 Deploy Diagnostic Settings for Key Vault to Log Analytics workspace Deploys the diagnostic settings for Key Vault to stream to a regional Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-08-26 16:33:38
Major (2.0.0 > 3.0.0)
Monitoring 84cfed75-dfd4-421b-93df-725b479d356a [Preview]: Configure Dependency agent on Azure Arc enabled Windows servers with Azure Monitoring Agent settings Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and discovered data about processes running on the machine and external process dependencies. See more - https://aka.ms/vminsightsdocs. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-08-26 16:33:38
Minor, new suffix: preview (1.0.0 > 1.1.1-preview)
App Service a18c77f2-3d6d-497a-9f61-849a7e8a3b79 Configure App Service app slots to only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Default
Modify
Allowed
Modify, Disabled
count: 001
Website Contributor
add
2022-08-26 16:33:38
a18c77f2-3d6d-497a-9f61-849a7e8a3b79
Monitoring 7c4214e9-ea57-487a-b38e-310ec09bc21d [Preview]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for Arc Machines in the Resource Group Deploy a Data Collection Rule for VMInsights and deploy Data Collection Rule Association for all the Arc Machines in the Resource Group. The policy asks if enabling of Processes and Dependencies is required and accordingly creates the DCR. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-08-26 16:33:38
Patch, new suffix: preview (1.1.0 > 1.1.1-preview)
Storage 7bd000e3-37c7-4928-9f31-86c4b77c5c45 Configure diagnostic settings for Queue Services to Log Analytics workspace Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any queue Service which is missing this diagnostic settings is created or updated. Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
add
2022-08-26 16:33:38
7bd000e3-37c7-4928-9f31-86c4b77c5c45
Monitoring af0082fd-fa58-4349-b916-b0e47abb0935 [Preview]: Deploy Dependency agent to be enabled on Windows virtual machine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Windows virtual machine scale sets with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is not installed. If your scale set upgradePolicy is set to Manual, you need to apply the extension to all the virtual machines in the set by updating them. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Virtual Machine Contributor
change
2022-08-26 16:33:38
Minor, new suffix: preview (1.0.0 > 1.1.1-preview)
Monitoring a0f27bdc-5b15-4810-b81d-7c4df9df1a37 [Preview]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for all the VMs in the Resource Group Deploy a Data Collection Rule for VMInsights and deploy Data Collection Rule Association for all the VMs in the Resource Group. The policy asks if enabling of Processes and Dependencies is required and accordingly creates the DCR. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-08-26 16:33:38
Patch, new suffix: preview (1.1.0 > 1.1.1-preview)
Monitoring 08a4470f-b26d-428d-97f4-7e3e9c92b366 [Preview]: Configure Dependency agent on Azure Arc enabled Linux servers with Azure Monitoring Agent settings Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and discovered data about processes running on the machine and external process dependencies. See more - https://aka.ms/vminsightsdocs. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-08-26 16:33:38
Minor, new suffix: preview (1.0.0 > 1.1.1-preview)
Security Center e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 Configure Microsoft Defender for APIs should be enabled Microsoft Defender for APIs brings new discovery, protection, detection, & response coverage to monitor for common API based attacks & security misconfigurations. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Security Admin
add
2022-08-26 16:33:38
e54d2be9-5f2e-4d65-98e4-4f0e670b23d6
Monitoring 89ca9cc7-25cd-4d53-97ba-445ca7a1f222 [Preview]: Deploy Dependency agent to be enabled on Windows virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Windows virtual machines with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is not installed. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Log Analytics Contributor
change
2022-08-26 16:33:38
Minor, new suffix: preview (1.0.0 > 1.1.1-preview)
Storage 6f8f98a4-f108-47cb-8e98-91a0d85cd474 [Deprecated]: Configure diagnostic settings for storage accounts to Log Analytics workspace Deprecated: This policy did not evaluate correctly and has been separated into policies for each of the nested resources. Please see new policies for storage accounts (id: /providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef), blob services (b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb), file (25a70cc8-2bd4-47f1-90b6-1478e4662c96), queue (7bd000e3-37c7-4928-9f31-86c4b77c5c45), and table (2fb86bf3-d221-43d1-96d1-2434af34eaa0). Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 002
Log Analytics Contributor
Monitoring Contributor
change
2022-08-26 16:33:38
Version remains equal, new suffix: deprecated (1.3.0 > 1.3.0-deprecated)
Machine Learning 679ddf89-ab8f-48a5-9029-e76054077449 Azure Machine Learning Compute Instance should have idle shutdown. Having an idle shutdown schedule reduces cost by shutting down computes that are idle after a pre-determined period of activity. Default
Audit
Allowed
Audit, Deny, Disabled
add
2022-08-26 16:33:38
679ddf89-ab8f-48a5-9029-e76054077449
Kubernetes b6c7fd52-4723-5f4d-a157-3d39bd16a1d7 Configure Kubernetes clusters with Flux v2 configuration using Git repository and local secrets Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Git repository. This definition requires local authentication secrets stored in the Kubernetes cluster. For instructions, visit https://aka.ms/GitOpsFlux2Policy. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
add
2022-08-19 16:33:23
b6c7fd52-4723-5f4d-a157-3d39bd16a1d7
Kubernetes 2630c91f-8a20-8f43-14a2-2485b648e2a9 Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS CA Certificate Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Git repository. This definition requires a HTTPS CA Certificate. For instructions, visit https://aka.ms/GitOpsFlux2Policy. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
add
2022-08-19 16:33:23
2630c91f-8a20-8f43-14a2-2485b648e2a9
Kubernetes f9175d5f-abc8-1dc3-bd3c-5d7476ada3d1 Configure installation of Flux extension on Kubernetes cluster Install Flux extension on Kubernetes cluster to enable deployment of 'fluxconfigurations' in the cluster Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
add
2022-08-19 16:33:23
f9175d5f-abc8-1dc3-bd3c-5d7476ada3d1
Kubernetes 5174c1db-ca42-e0d4-b320-4f1cf6a1fa93 Configure Kubernetes clusters with Flux v2 configuration using Bucket source and secrets in KeyVault Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Bucket. This definition requires a Bucket SecretKey stored in Key Vault. For instructions, visit https://aka.ms/GitOpsFlux2Policy. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
add
2022-08-19 16:33:23
5174c1db-ca42-e0d4-b320-4f1cf6a1fa93
Kubernetes 9e980dca-f3e1-8da3-6717-ad37b1ca6b27 Configure Kubernetes clusters with Flux v2 configuration using Git repository and SSH secrets Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Git repository. This definition requires a SSH private key secret stored in Key Vault. For instructions, visit https://aka.ms/GitOpsFlux2Policy. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
add
2022-08-19 16:33:23
9e980dca-f3e1-8da3-6717-ad37b1ca6b27
Kubernetes b8c1d6c1-6137-97c6-9c34-d4627e54ca26 Configure Kubernetes clusters with specified Flux v2 Bucket source using local secrets Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Bucket. This definition requires local authentication secrets stored in the Kubernetes cluster. For instructions, visit https://aka.ms/GitOpsFlux2Policy. Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
count: 001
Contributor
add
2022-08-19 16:33:23
b8c1d6c1-6137-97c6-9c34-d4627e54ca26
Automanage b025cfb4-3702-47c2-9110-87fe0cfcc99b Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage with your own customized Configuration Profile to your selected scope. Default
DeployIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled
count: 001