| Category | Id | DisplayName | Description | Effect | Roles used | Subject | Details (UTC ymd) (i) |
|---|---|---|---|---|---|---|---|
| Monitoring | 0a3b9bf4-d30e-424a-af6b-9a93f6f78792 | Configure Windows Virtual Machine Scale Sets to be associated with a Data Collection Rule | Deploy Association to link Windows virtual machine scale sets to specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-11-04 17:41:52 Major (1.1.0 > 2.0.0) |
| Cognitive Services | 0725b4dd-7e76-479c-a735-68e7ee23d5ca | Cognitive Services accounts should disable public network access | To improve the security of Cognitive Services accounts, ensure that it isn't exposed to the public internet and can only be accessed from a private endpoint. Disable the public network access property as described in https://go.microsoft.com/fwlink/?linkid=2129800. This option disables access from any public address space outside the Azure IP range, and denies all logins that match IP or virtual network-based firewall rules. This reduces data leakage risks. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-11-04 17:41:52 Patch (3.0.0 > 3.0.1) |
|
| Security Center | 1f90fc71-a595-4066-8974-d4d0802e8ef0 | Microsoft Defender CSPM should be enabled | Defender Cloud Security Posture Management (CSPM) provides enhanced posture capabilities and a new intelligent cloud security graph to help identify, prioritize, and reduce risk. Defender CSPM is available in addition to the free foundational security posture capabilities turned on by default in Defender for Cloud. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-11-04 17:41:52 1f90fc71-a595-4066-8974-d4d0802e8ef0 |
|
| Monitoring | eab1f514-22e3-42e3-9a1f-e1dc9199355c | Configure Windows Machines to be associated with a Data Collection Rule | Deploy Association to link Windows virtual machines, virtual machine scale sets, and Arc machines to specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-11-04 17:41:52 Major (2.1.0 > 3.0.0) |
| Security Center | 689f7782-ef2c-4270-a6d0-7664869076bd | Configure Microsoft Defender CSPM to be enabled | Defender Cloud Security Posture Management (CSPM) provides enhanced posture capabilities and a new intelligent cloud security graph to help identify, prioritize, and reduce risk. Defender CSPM is available in addition to the free foundational security posture capabilities turned on by default in Defender for Cloud. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Security Admin |
add | 2022-11-04 17:41:52 689f7782-ef2c-4270-a6d0-7664869076bd |
| Monitoring | 244efd75-0d92-453c-b9a3-7d73ca36ed52 | Configure Windows Virtual Machines to be associated with a Data Collection Rule | Deploy Association to link Windows virtual machines to specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-11-04 17:41:52 Major (1.1.0 > 2.0.0) |
| Security Center | 938c4981-c2c9-4168-9cd6-972b8675f906 | Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers | Microsoft Defender for SQL provides functionality for surfacing and mitigating potential database vulnerabilities, detecting anomalous activities that could indicate threats to SQL databases, discovering and classifying sensitive data. Once enabled, the protection status indicates that the resource is actively monitored. Even when Defender is enabled, multiple configuration settings should be validated on the agent, machine, workspace and SQL server to ensure active protection. | Default Audit Allowed Audit, Disabled |
add | 2022-10-28 16:42:53 938c4981-c2c9-4168-9cd6-972b8675f906 |
|
| Update Management Center | ba0df93e-e4ac-479a-aac2-134bbae39a1a | [Preview]: Schedule recurring updates using Update Management Center | You can use update management center (private preview) in Azure to save recurring deployment schedules to install operating system updates for your Windows Server and Linux machines in Azure, in on-premises environments, and in other cloud environments connected using Azure Arc-enabled servers. This policy will also change the patch mode for the Azure Virtual Machine to 'AutomaticByPlatform'. See more: https://aka.ms/umc-scheduled-patching | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
change | 2022-10-28 16:42:53 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
| Machine Learning | a6f9a2d0-cff7-4855-83ad-4cd750666512 | Configure Machine Learning computes to disable local authentication methods | Disable location authentication methods so that your Machine Learning computes require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy. | Default Modify Allowed Modify, Disabled |
count: 001 •Contributor |
change | 2022-10-28 16:42:53 Major (1.0.0 > 2.0.0) |
| Kubernetes | 5485eac0-7e8f-4964-998b-a44f4f0c1e75 | Kubernetes cluster Windows containers should not run as ContainerAdministrator | Prevent usage of ContainerAdministrator as the user to execute the container processes for Windows pods or containers. This recommendation is intended to improve the security of Windows nodes. For more information, see https://kubernetes.io/docs/concepts/windows/intro/ . | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-10-28 16:42:53 5485eac0-7e8f-4964-998b-a44f4f0c1e75 |
|
| Machine Learning | e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f | Machine Learning computes should have local authentication methods disabled | Disabling local authentication methods improves security by ensuring that Machine Learning computes require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-28 16:42:53 Major (1.0.0 > 2.0.0) |
|
| Automation | dea83a72-443c-4292-83d5-54a2f98749c0 | Automation Account should have Managed Identity | Use Managed Identities as the recommended method for authenticating with Azure resources from the runbooks. Managed identity for authentication is more secure and eliminates the management overhead associated with using RunAs Account in your runbook code . | Default Audit Allowed Audit, Disabled |
add | 2022-10-28 16:42:53 dea83a72-443c-4292-83d5-54a2f98749c0 |
|
| Kubernetes | d2e7ea85-6b44-4317-a0be-1b951587f626 | Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities | To reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux capabilities. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (5.0.0 > 5.0.1) |
|
| Kubernetes | 040732e8-d947-40b8-95d6-854c95024bf8 | Azure Kubernetes Service Private Clusters should be enabled | Enable the private cluster feature for your Azure Kubernetes Service cluster to ensure network traffic between your API server and your node pools remains on the private network only. This is a common requirement in many regulatory and industry compliance standards. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Kubernetes | 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 | Kubernetes cluster containers should not share host process ID or host IPC namespace | Block pod containers from sharing the host process ID namespace and host IPC namespace in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS 5.2.3 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (5.0.0 > 5.0.1) |
|
| Automanage | b025cfb4-3702-47c2-9110-87fe0cfcc99b | Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile | Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage with your own customized Configuration Profile to your selected scope. | Default DeployIfNotExists Allowed AuditIfNotExists, DeployIfNotExists, Disabled |
count: 001 •Contributor |
change | 2022-10-21 16:42:13 Minor (1.2.0 > 1.3.0) |
| Regulatory Compliance | 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c | Identify individuals with security roles and responsibilities | CMA_C1566 - Identify individuals with security roles and responsibilities | Default Manual Allowed Manual, Disabled |
change | 2022-10-21 16:42:13 Patch (1.1.0 > 1.1.1) |
|
| Monitoring | d55b81e1-984f-4a96-acab-fae204e3ca7f | [Preview]: Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings | Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-10-21 16:42:13 Major, suffix remains equal (2.0.0-preview > 3.0.0-preview) |
| Kubernetes | 4f3823b6-6dac-4b5a-9c61-ce1afb829f17 | Kubernetes clusters should use Container Storage Interface(CSI) driver StorageClass | The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. In-tree provisioner StorageClass should be deprecated since AKS version 1.21. To learn more, https://aka.ms/aks-csi-driver | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (2.0.0 > 2.0.1) |
|
| Monitoring | 4da21710-ce6f-4e06-8cdb-5cc4c93ffbee | Deploy Dependency agent for Linux virtual machines | Deploy Dependency agent for Linux virtual machines if the VM Image (OS) is in the list defined and the agent is not installed. | Fixed deployIfNotExists |
count: 001 •Log Analytics Contributor |
change | 2022-10-21 16:42:13 Major (4.0.0 > 5.0.0) |
| Kubernetes | e1e6c427-07d9-46ab-9689-bfa85431e636 | Kubernetes cluster pods and containers should only use allowed SELinux options | Pods and containers should only use allowed SELinux options in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (7.0.0 > 7.0.1) |
|
| Kubernetes | 1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d | Kubernetes clusters should be accessible only over HTTPS | Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (8.0.0 > 8.0.1) |
|
| Regulatory Compliance | e3905a3c-97e7-0b4f-15fb-465c0927536f | Correlate Vulnerability scan information | CMA_C1558 - Correlate Vulnerability scan information | Default Manual Allowed Manual, Disabled |
change | 2022-10-21 16:42:13 Patch (1.1.0 > 1.1.1) |
|
| Kubernetes | 3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e | Kubernetes clusters should use internal load balancers | Use internal load balancers to make a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (8.0.0 > 8.0.1) |
|
| Kubernetes | 46238e2f-3f6f-4589-9f3f-77bed4116e67 | Azure Kubernetes Clusters should use Azure CNI | Azure CNI is a prerequisite for some Azure Kubernetes Service features, including Azure network policies, Windows node pools and virtual nodes add-on. Learn more at: https://aka.ms/aks-azure-cni | Default Audit Allowed Audit, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Update Management Center | bd876905-5b84-4f73-ab2d-2e7a7c4568d9 | [Preview]: Machines should be configured to periodically check for missing system updates | To ensure periodic assessments for missing system updates are triggered automatically every 24 hours, the AssessmentMode property should be set to 'AutomaticByPlatform'. Learn more about AssessmentMode property for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
|
| Storage | b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb | Configure diagnostic settings for Blob Services to Log Analytics workspace | Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-10-21 16:42:13 Major (3.0.0 > 4.0.0) |
| Kubernetes | da6e2401-19da-4532-9141-fb8fbde08431 | Azure Kubernetes Service Clusters should use managed identities | Use managed identities to wrap around service principals, simplify cluster management and avoid the complexity required to managed service principals. Learn more at: https://aka.ms/aks-update-managed-identities | Default Audit Allowed Audit, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Kubernetes | e345eecc-fa47-480f-9e88-67dcc122b164 | Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits | Enforce container CPU and memory resource limits to prevent resource exhaustion attacks in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (9.0.0 > 9.0.1) |
|
| Kubernetes | 098fc59e-46c7-4d99-9b16-64990e543d75 | Kubernetes cluster pod hostPath volumes should only use allowed host paths | Limit pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (6.0.0 > 6.0.1) |
|
| Kubernetes | 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Kubernetes clusters should not allow container privilege escalation | Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (7.0.0 > 7.0.1) |
|
| Regulatory Compliance | f33c3238-11d2-508c-877c-4262ec1132e1 | Recover and reconstitute resources after any disruption | CMA_C1295 - Recover and reconstitute resources after any disruption | Default Manual Allowed Manual, Disabled |
change | 2022-10-21 16:42:13 Patch (1.1.0 > 1.1.1) |
|
| Kubernetes | f4a8fce0-2dd5-4c21-9a36-8f0ec809d663 | Kubernetes cluster pod FlexVolume volumes should only use allowed drivers | Pod FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (5.0.0 > 5.0.1) |
|
| Kubernetes | 65280eef-c8b4-425e-9aec-af55e55bf581 | Kubernetes cluster should not use naked pods | Block usage of naked Pods. Naked Pods will not be rescheduled in the event of a node failure. Pods should be managed by Deployment, Replicset, Daemonset or Jobs | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (2.0.0 > 2.0.1) |
|
| Kubernetes | a27c700f-8a22-44ec-961c-41625264370b | Kubernetes clusters should not use specific security capabilities | Prevent specific security capabilities in Kubernetes clusters to prevent ungranted privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (5.0.0 > 5.0.1) |
|
| Update Management Center | 59efceea-0c96-497e-a4a1-4eb2290dac15 | [Preview]: Configure periodic checking for missing system updates on azure virtual machines | Configure auto-assessment (every 24 hours) for OS updates on native Azure virtual machines. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode. | Fixed modify |
count: 001 •Virtual Machine Contributor |
change | 2022-10-21 16:42:13 Major, suffix remains equal (2.0.0-preview > 3.0.0-preview) |
| Kubernetes | 993c2fcd-2b29-49d2-9eb0-df2c3a730c32 | Azure Kubernetes Service Clusters should have local authentication methods disabled | Disabling local authentication methods improves security by ensuring that Azure Kubernetes Service Clusters should exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/aks-disable-local-accounts. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Kubernetes | 82985f06-dc18-4a48-bc1c-b9f4f0098cfe | Kubernetes cluster pods should only use approved host network and port range | Restrict pod access to the host network and the allowable host port range in a Kubernetes cluster. This recommendation is part of CIS 5.2.4 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (6.0.0 > 6.0.1) |
|
| Regulatory Compliance | f801d58e-5659-9a4a-6e8d-02c9334732e5 | Restore resources to operational state | CMA_C1297 - Restore resources to operational state | Default Manual Allowed Manual, Disabled |
change | 2022-10-21 16:42:13 Patch (1.1.0 > 1.1.1) |
|
| Kubernetes | 975ce327-682c-4f2e-aa46-b9598289b86c | Kubernetes cluster containers should only use allowed seccomp profiles | Pod containers can only use allowed seccomp profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (7.0.0 > 7.0.1) |
|
| Regulatory Compliance | 62fa14f0-4cbe-762d-5469-0899a99b98aa | Explicitly notify use of collaborative computing devices | CMA_C1649 - Explicitly notify use of collaborative computing devices | Default Manual Allowed Manual, Disabled |
change | 2022-10-21 16:42:13 Patch (1.1.0 > 1.1.1) |
|
| Monitoring | 8a04f872-51e9-4313-97fb-fc1c3543011c | Azure Application Gateway should have Resource logs enabled | Enable Resource logs for Azure Application Gateway (plus WAF) and stream to a Log Analytics workspace. Get detailed visibility into inbound web traffic and actions taken to mitigate attacks. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-21 16:42:13 8a04f872-51e9-4313-97fb-fc1c3543011c |
|
| Kubernetes | f85eb0dd-92ee-40e9-8a76-db25a507d6d3 | Kubernetes cluster containers should only use allowed ProcMountType | Pod containers can only use allowed ProcMountTypes in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (8.0.0 > 8.0.1) |
|
| Kubernetes | 1ddac26b-ed48-4c30-8cc5-3a68c79b8001 | Kubernetes clusters should not allow endpoint edit permissions of ClusterRole/system:aggregate-to-edit | ClusterRole/system:aggregate-to-edit should not allow endpoint edit permissions due to CVE-2021-25740, Endpoint & EndpointSlice permissions allow cross-Namespace forwarding, https://github.com/kubernetes/kubernetes/issues/103675. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed Audit, Disabled |
change | 2022-10-21 16:42:13 Patch (3.0.0 > 3.0.1) |
|
| Monitoring | 2fea0c12-e7d4-4e03-b7bf-c34b2b8d787d | [Preview]: Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings | Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-10-21 16:42:13 Major, suffix remains equal (2.0.0-preview > 3.0.0-preview) |
| Kubernetes | b81f454c-eebb-4e4f-9dfe-dca060e8a8fd | [Preview]: Kubernetes clusters should restrict creation of given resource type | Given Kubernetes resource type should not be deployed in certain namespace. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch, suffix remains equal (2.1.0-preview > 2.1.1-preview) |
|
| Kubernetes | febd0533-8e55-448f-b837-bd0e06f16469 | Kubernetes cluster containers should only use allowed images | Use images from trusted registries to reduce the Kubernetes cluster's exposure risk to unknown vulnerabilities, security issues and malicious images. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (9.0.0 > 9.0.1) |
|
| Kubernetes | a2abc456-f0ae-464b-bd3a-07a3cdbd7fb1 | Kubernetes cluster Windows containers should not overcommit cpu and memory | Windows container resource requests should be less or equal to the resource limit or unspecified to avoid overcommit. If Windows memory is over-provisioned it will process pages in disk - which can slow down performance - instead of terminating the container with out-of-memory | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (2.0.0 > 2.0.1) |
|
| Kubernetes | 56d0a13f-712f-466b-8416-56fb354fb823 | Kubernetes cluster containers should not use forbidden sysctl interfaces | Containers should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (7.0.0 > 7.0.1) |
|
| Monitoring | 8a04f872-51e9-4313-97fb-fc1c35430fd8 | Azure Front Door should have Resource logs enabled | Enable Resource logs for Azure Front Door (plus WAF) and stream to a Log Analytics workspace. Get detailed visibility into inbound web traffic and actions taken to mitigate attacks. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-21 16:42:13 8a04f872-51e9-4313-97fb-fc1c35430fd8 |
|
| Kubernetes | 57dde185-5c62-4063-b965-afbb201e9c1c | Kubernetes cluster Windows containers should only run with approved user and domain user group | Control the user that Windows pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies on Windows nodes which are intended to improve the security of your Kubernetes environments. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (2.0.0 > 2.0.1) |
|
| Automanage | 270610db-8c04-438a-a739-e8e6745b22d3 | [Deprecated]: Configure virtual machines to be onboarded to Azure Automanage | Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage to your selected scope. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
change | 2022-10-21 16:42:13 Patch, suffix changed: new suffix: deprecated; old suffix: version (4.1.0-version-deprecated > 4.1.1-deprecated) |
| Kubernetes | 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 | Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys | Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Regulatory Compliance | a3e98638-51d4-4e28-910a-60e98c1a756f | Configure Azure Audit capabilities | CMA_C1108 - Configure Azure Audit capabilities | Default Manual Allowed Manual, Disabled |
change | 2022-10-21 16:42:13 Patch (1.1.0 > 1.1.1) |
|
| Kubernetes | 13cd7ae3-5bc0-4ac4-a62d-4f7c120b9759 | [Preview]: Kubernetes clusters should gate deployment of vulnerable images | Protect your Kubernetes clusters and container workloads from potential threats by restricting deployment of container images with vulnerable software components. Use Azure Defender CI/CD scanning (https://aka.ms/AzureDefenderCICDscanning) and Azure defender for container registries (https://aka.ms/AzureDefenderForContainerRegistries) to identify and patch vulnerabilities prior to deployment. Evaluation prerequisite: Policy Addon and Azure Defender Profile. Only applicable for private preview customers. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch, suffix remains equal (2.0.0-preview > 2.0.1-preview) |
|
| Storage | 59759c62-9a22-4cdf-ae64-074495983fef | Configure diagnostic settings for Storage Accounts to Log Analytics workspace | Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-10-21 16:42:13 Major (3.0.0 > 4.0.0) |
| Kubernetes | f06ddb64-5fa3-4b77-b166-acb36f7f6042 | Kubernetes cluster pods and containers should only run with approved user and group IDs | Control the user, primary group, supplemental group and file system group IDs that pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (6.0.0 > 6.0.1) |
|
| Kubernetes | 36a27de4-199b-40fb-b336-945a8475d6c5 | Configure AAD integrated Azure Kubernetes Service Clusters with required Admin Group Access | Ensure to improve cluster security by centrally govern Administrator access to Azure Active Directory integrated AKS clusters. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Azure Kubernetes Service Contributor Role •Azure Kubernetes Service Policy Add-on Deployment |
change | 2022-10-21 16:42:13 Patch (2.0.0 > 2.0.1) |
| Kubernetes | 9a5f4e39-e427-4d5d-ae73-93db00328bec | Kubernetes resources should have required annotations | Ensure that required annotations are attached on a given Kubernetes resource kind for improved resource management of your Kubernetes resources. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (3.0.0 > 3.0.1) |
|
| Kubernetes | d46c275d-1680-448d-b2ec-e495a3b6cc89 | Kubernetes cluster services should only use allowed external IPs | Use allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (5.0.0 > 5.0.1) |
|
| Kubernetes | 95edb821-ddaf-4404-9732-666045e056b4 | Kubernetes cluster should not allow privileged containers | Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (9.0.0 > 9.0.1) |
|
| Kubernetes | 89f2d532-c53c-4f8f-9afa-4927b1114a0d | Azure Kubernetes Service Clusters should disable Command Invoke | Disabling command invoke can enhance the security by avoiding bypass of restricted network access or Kubernetes role-based access control | Default Audit Allowed Audit, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Kubernetes | b1a9997f-2883-4f12-bdff-2280f99b5915 | Ensure cluster containers have readiness or liveness probes configured | This policy enforces that all pods have a readiness and/or liveness probes configured. Probe Types can be any of tcpSocket, httpGet and exec. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (3.0.0 > 3.0.1) |
|
| Kubernetes | 41425d9f-d1a5-499a-9932-f8ed8453932c | Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host | To enhance data security, the data stored on the virtual machine (VM) host of your Azure Kubernetes Service nodes VMs should be encrypted at rest. This is a common requirement in many regulatory and industry compliance standards. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Automanage | f889cab7-da27-4c41-a3b0-de1f6f87c550 | Configure virtual machines to be onboarded to Azure Automanage | Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage to your selected scope. | Default DeployIfNotExists Allowed AuditIfNotExists, DeployIfNotExists, Disabled |
count: 001 •Contributor |
change | 2022-10-21 16:42:13 Minor (2.2.0 > 2.3.0) |
| Storage | 2fb86bf3-d221-43d1-96d1-2434af34eaa0 | Configure diagnostic settings for Table Services to Log Analytics workspace | Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any table Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-10-21 16:42:13 Major (3.0.0 > 4.0.0) |
| Storage | 25a70cc8-2bd4-47f1-90b6-1478e4662c96 | Configure diagnostic settings for File Services to Log Analytics workspace | Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-10-21 16:42:13 Major (3.0.0 > 4.0.0) |
| Kubernetes | 16697877-1118-4fb1-9b65-9898ec2509ec | Kubernetes cluster pods should only use allowed volume types | Pods can only use allowed volume types in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (5.0.0 > 5.0.1) |
|
| Kubernetes | 46592696-4c7b-4bf3-9e45-6c2763bdc0a6 | Kubernetes cluster pods should use specified labels | Use specified labels to identify the pods in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (7.0.0 > 7.0.1) |
|
| Storage | 7bd000e3-37c7-4928-9f31-86c4b77c5c45 | Configure diagnostic settings for Queue Services to Log Analytics workspace | Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any queue Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-10-21 16:42:13 Major (3.0.0 > 4.0.0) |
| Kubernetes | 450d2877-ebea-41e8-b00c-e286317d21bf | Azure Kubernetes Service Clusters should enable Azure Active Directory integration | AKS-managed Azure Active Directory integration can manage the access to the clusters by configuring Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Learn more at: https://aka.ms/aks-managed-aad. | Default Audit Allowed Audit, Disabled |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
|
| Kubernetes | c26596ff-4d70-4e6a-9a30-c2506bd2f80c | Kubernetes cluster containers should only use allowed capabilities | Restrict the capabilities to reduce the attack surface of containers in a Kubernetes cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (6.0.0 > 6.0.1) |
|
| Kubernetes | 233a2a17-77ca-4fb1-9b6b-69223d272a44 | Kubernetes cluster services should listen only on allowed ports | Restrict services to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (8.0.0 > 8.0.1) |
|
| Kubernetes | df49d893-a74c-421d-bc95-c663042e5b80 | Kubernetes cluster containers should run with a read only root file system | Run containers with a read only root file system to protect from changes at run-time with malicious binaries being added to PATH in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (6.0.0 > 6.0.1) |
|
| Monitoring | 765266ab-e40e-4c61-bcb2-5a5275d0b7c0 | Deploy Dependency agent for Linux virtual machine scale sets | Deploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | Fixed deployIfNotExists |
count: 001 •Virtual Machine Contributor |
change | 2022-10-21 16:42:13 Major (4.0.0 > 5.0.0) |
| Kubernetes | 50c83470-d2f0-4dda-a716-1938a4825f62 | Kubernetes cluster containers should only use allowed pull policy | Restrict containers' pull policy to enforce containers to use only allowed images on deployments | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-21 16:42:13 Patch (3.0.0 > 3.0.1) |
|
| Regulatory Compliance | 22a02c9a-49e4-5dc9-0d14-eb35ad717154 | Obtain design and implementation information for the security controls | CMA_C1576 - Obtain design and implementation information for the security controls | Default Manual Allowed Manual, Disabled |
change | 2022-10-21 16:42:13 Patch (1.1.0 > 1.1.1) |
|
| Kubernetes | 423dd1ba-798e-40e4-9c4d-b6902674b423 | Kubernetes clusters should disable automounting API credentials | Disable automounting API credentials to prevent a potentially compromised Pod resource to run API commands against Kubernetes clusters. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (4.0.0 > 4.0.1) |
|
| SQL | fd2d1a6e-6d95-4df2-ad00-504bf0273406 | Configure Arc-enabled machines running SQL Server to have SQL Server extension installed. | To ensure that SQL Server - Azure Arc resources are created by default when SQL Server instance is found on Azure Arc enabled Windows/Linux Server, the latter should have SQL Server extension installed | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •User Access Administrator |
change | 2022-10-21 16:42:13 Minor (3.0.0 > 3.1.0) |
| Kubernetes | 1b708b0a-3380-40e9-8b79-821f9fa224cc | Disable Command Invoke on Azure Kubernetes Service clusters | Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Azure Kubernetes Service Contributor Role •Azure Kubernetes Service Policy Add-on Deployment |
change | 2022-10-21 16:42:13 Patch (1.0.0 > 1.0.1) |
| Kubernetes | 9f061a12-e40d-4183-a00e-171812443373 | Kubernetes clusters should not use the default namespace | Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (4.0.0 > 4.0.1) |
|
| Kubernetes | 511f5417-5d12-434d-ab2e-816901e72a5e | Kubernetes cluster containers should only use allowed AppArmor profiles | Containers should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-10-21 16:42:13 Patch (6.0.0 > 6.0.1) |
|
| App Service | 2d048aca-6479-4923-88f5-e2ac295d9af3 | App Service Environment apps should not be reachable over public internet | To ensure apps deployed in an App Service Environment are not accessible over public internet, one should deploy App Service Environment with an IP address in virtual network. To set the IP address to a virtual network IP, the App Service Environment must be deployed with an internal load balancer. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-14 16:34:37 Major (2.0.0 > 3.0.0) |
|
| Guest Configuration | 63594bb8-43bb-4bf0-bbf8-c67e5c28cb65 | [Preview]: Linux machines should meet STIG compliance requirement for Azure compute | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not configured correctly for one of the recommendations in STIG compliance requirement for Azure compute. DISA (Defense Information Systems Agency) provides technical guides STIG (Security Technical Implementation Guide) to secure compute OS as required by Department of Defense (DoD). For more details, https://public.cyber.mil/stigs/. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-14 16:34:37 63594bb8-43bb-4bf0-bbf8-c67e5c28cb65 |
|
| Azure Arc | 55c4db33-97b0-437b-8469-c4f4498f5df9 | Configure Azure Arc Private Link Scopes to use private DNS zones | Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to Azure Arc Private Link Scopes. Learn more at: https://aka.ms/arc/privatelink. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Network Contributor |
change | 2022-10-07 16:34:28 Minor (1.0.0 > 1.2.0) |
| Azure Arc | d6eeba80-df61-4de5-8772-bc1b7852ba6b | Configure Azure Arc Private Link Scopes with private endpoints | Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. By mapping private endpoints to Azure Arc Private Link Scopes, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/arc/privatelink. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 003 •Azure Connected Machine Resource Administrator •Kubernetes Cluster - Azure Arc Onboarding •Network Contributor |
change | 2022-10-07 16:34:28 Major (1.0.0 > 2.0.0) |
| App Service | 8c122334-9d20-4eb8-89ea-ac9a705b74ae | App Service apps should use latest 'HTTP Version' | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-10-07 16:34:28 Major (3.0.0 > 4.0.0) |
|
| App Service | 1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0 | Configure Function apps to use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
change | 2022-10-07 16:34:28 Patch (1.0.0 > 1.0.1) |
| App Service | deb528de-8f89-4101-881c-595899253102 | Function app slots should use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 deb528de-8f89-4101-881c-595899253102 |
|
| App Service | ab9ca4fc-5d29-4c62-bbad-018df1f5f0dd | App Service app slots should enable outbound non-RFC 1918 traffic to Azure Virtual Network | By default, if one uses regional Azure Virtual Network (VNET) integration, the app only routes RFC1918 traffic into that respective virtual network. Using the API to set 'vnetRouteAllEnabled' to true enables all outbound traffic into the Azure Virtual Network. This setting allows features like network security groups and user defined routes to be used for all outbound traffic from the App Service app. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 ab9ca4fc-5d29-4c62-bbad-018df1f5f0dd |
|
| App Service | 2374605e-3e0b-492b-9046-229af202562c | Configure App Service apps to disable public network access | Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 2374605e-3e0b-492b-9046-229af202562c |
| App Service | c6c3e00e-d414-4ca4-914f-406699bb8eee | Configure App Service app slots to disable public network access | Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 c6c3e00e-d414-4ca4-914f-406699bb8eee |
| App Service | cca5adfe-626b-4cc6-8522-f5b6ed2391bd | Configure App Service app slots to turn off remote debugging | Remote debugging requires inbound ports to be opened on an App Service app. Remote debugging should be turned off. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 cca5adfe-626b-4cc6-8522-f5b6ed2391bd |
| App Service | 4ee5b817-627a-435a-8932-116193268172 | App Service app slots should use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 4ee5b817-627a-435a-8932-116193268172 |
|
| App Service | 969ac98b-88a8-449f-883c-2e9adb123127 | Function apps should disable public network access | Disabling public network access improves security by ensuring that the Function app is not exposed on the public internet. Creating private endpoints can limit exposure of a Function App. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Audit Allowed Audit, Disabled, Deny |
add | 2022-10-07 16:34:28 969ac98b-88a8-449f-883c-2e9adb123127 |
|
| App Service | ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d | Configure App Service apps to use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
change | 2022-10-07 16:34:28 Patch (1.0.0 > 1.0.1) |
| App Service | 014664e7-e348-41a3-aeb9-566e4ff6a9df | Configure App Service app slots to use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 014664e7-e348-41a3-aeb9-566e4ff6a9df |
| App Service | a08ae1ab-8d1d-422b-a123-df82b307ba61 | App Service app slots should have remote debugging turned off | Remote debugging requires inbound ports to be opened on an App Service app. Remote debugging should be turned off. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 a08ae1ab-8d1d-422b-a123-df82b307ba61 |
|
| Monitoring | 2fea0c12-e7d4-4e03-b7bf-c34b2b8d787d | [Preview]: Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings | Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-10-07 16:34:28 Major, suffix remains equal (1.1.1-preview > 2.0.0-preview) |
| Azure Arc | 12e7176a-4919-47ef-922b-34eda4c7f0ce | Azure Arc-enabled kubernetes clusters should be configured with an Azure Arc Private Link Scope | Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping Azure Arc-enabled servers to an Azure Arc Private Link Scope that is configured with a private endpoint, data leakage risks are reduced. Learn more about private links at: https://aka.ms/arc/privatelink. | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-10-07 16:34:28 12e7176a-4919-47ef-922b-34eda4c7f0ce |
|
| App Service | e2c1c086-2d84-4019-bff3-c44ccd95113c | Function apps should use latest 'HTTP Version' | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-10-07 16:34:28 Major (3.0.0 > 4.0.0) |
|
| App Service | 0f98368e-36bc-4716-8ac2-8f8067203b63 | Configure App Service apps to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
change | 2022-10-07 16:34:28 Major (1.0.0 > 2.0.0) |
| App Service | f9d614c5-c173-4d56-95a7-b4437057d193 | Function apps should use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-10-07 16:34:28 Patch (2.0.0 > 2.0.1) |
|
| App Service | fa98f1b1-1f56-4179-9faf-93ad82f3458f | Function app slots should use latest 'HTTP Version' | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 fa98f1b1-1f56-4179-9faf-93ad82f3458f |
|
| Synapse | c3624673-d2ff-48e0-b28c-5de1c6767c3c | Configure Synapse Workspaces to use only Azure Active Directory identities for authentication | Azure Active Directory (AAD) only authentication methods improves security by ensuring that Synapse Workspaces exclusively require AAD identities for authentication. Learn more at: https://aka.ms/Synapse. | Default Modify Allowed Modify, Disabled |
count: 001 •Contributor |
add | 2022-10-07 16:34:28 c3624673-d2ff-48e0-b28c-5de1c6767c3c |
| Monitoring | d55b81e1-984f-4a96-acab-fae204e3ca7f | [Preview]: Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings | Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-10-07 16:34:28 Major, suffix remains equal (1.1.1-preview > 2.0.0-preview) |
| Kubernetes | dbbdc317-9734-4dd8-9074-993b29c69008 | Azure Kubernetes Clusters should enable Key Management Service (KMS) | Use Key Management Service (KMS) to encrypt secret data at rest in etcd for Kubernetes cluster security. Learn more at: https://aka.ms/aks/kmsetcdencryption. | Default Audit Allowed Audit, Disabled |
add | 2022-10-07 16:34:28 dbbdc317-9734-4dd8-9074-993b29c69008 |
|
| App Service | 08cf2974-d178-48a0-b26d-f6b8e555748b | Configure Function app slots to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
change | 2022-10-07 16:34:28 Major (1.0.0 > 2.0.0) |
| App Service | 70adbb40-e092-42d5-a6f8-71c540a5efdb | Configure Function app slots to turn off remote debugging | Remote debugging requires inbound ports to be opened on a Function app. Remote debugging should be turned off. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 70adbb40-e092-42d5-a6f8-71c540a5efdb |
| Synapse | cb3738a6-82a2-4a18-b87b-15217b9deff4 | Azure Synapse Workspace SQL Server should be running TLS version 1.2 or newer | Setting TLS version to 1.2 or newer improves security by ensuring your Azure Synapse workspace SQL server can only be accessed from clients using TLS 1.2 or newer. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-07 16:34:28 Minor (1.0.0 > 1.1.0) |
|
| App Service | d639b3af-a535-4bef-8dcf-15078cddf5e2 | App Service app slots should have resource logs enabled | Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 d639b3af-a535-4bef-8dcf-15078cddf5e2 |
|
| App Service | 63a0ac64-5d5f-4569-8a3d-df67cc1ce9d7 | [Deprecated]: App Services should disable public network access | Disabling public network access improves security by ensuring that the App Service is not exposed on the public internet. Creating private endpoints can limit exposure of an App Service. Learn more at: https://aka.ms/app-service-private-endpoint. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-10-07 16:34:28 Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated) |
|
| App Service | 4a15c15f-90d5-4a1f-8b63-2903944963fd | App Service app slots should use managed identity | Use a managed identity for enhanced authentication security | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 4a15c15f-90d5-4a1f-8b63-2903944963fd |
|
| App Service | 546fe8d2-368d-4029-a418-6af48a7f61e5 | App Service apps should use a SKU that supports private link | With supported SKUs, Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to apps, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/private-link. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-10-07 16:34:28 Patch (4.0.0 > 4.0.1) |
|
| App Service | 701a595d-38fb-4a66-ae6d-fb3735217622 | App Service app slots should disable public network access | Disabling public network access improves security by ensuring that the App Service is not exposed on the public internet. Creating private endpoints can limit exposure of an App Service. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Audit Allowed Audit, Disabled, Deny |
add | 2022-10-07 16:34:28 701a595d-38fb-4a66-ae6d-fb3735217622 |
|
| App Service | ae1b9a8c-dfce-4605-bd91-69213b4a26fc | App Service app slots should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
change | 2022-10-07 16:34:28 Major (1.0.0 > 2.0.0) |
|
| App Service | 81dff7c0-4020-4b58-955d-c076a2136b56 | [Deprecated]: Configure App Services to disable public network access | Disable public network access for your App Services so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
change | 2022-10-07 16:34:28 Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated) |
| App Service | a18c77f2-3d6d-497a-9f61-849a7e8a3b79 | Configure App Service app slots to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
change | 2022-10-07 16:34:28 Major (1.0.0 > 2.0.0) |
| App Service | f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b | App Service apps should use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-10-07 16:34:28 Patch (2.0.0 > 2.0.1) |
|
| App Service | a4af4a39-4135-47fb-b175-47fbdf85311d | App Service apps should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
change | 2022-10-07 16:34:28 Major (3.0.0 > 4.0.0) |
|
| App Service | 89691ef9-8c50-49a8-8950-9c7fba41699e | Function app slots should have remote debugging turned off | Remote debugging requires inbound ports to be opened on Function apps. Remote debugging should be turned off. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 89691ef9-8c50-49a8-8950-9c7fba41699e |
|
| Health Data Services workspace | 64528841-2f92-43f6-a137-d52e5c3dbeac | Azure Health Data Services workspace should use private link | Health Data Services workspace should have at least one approved private endpoint connection. Clients in a virtual network can securely access resources that have private endpoint connections through private links. For more information, visit: https://aka.ms/healthcareapisprivatelink. | Default Audit Allowed Audit, Disabled |
add | 2022-10-07 16:34:28 64528841-2f92-43f6-a137-d52e5c3dbeac |
|
| App Service | a096cbd0-4693-432f-9374-682f485f23f3 | Configure Function apps to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
change | 2022-10-07 16:34:28 Major (1.0.0 > 2.0.0) |
| App Service | 1b5ef780-c53c-4a64-87f3-bb9c8c8094ba | App Service apps should disable public network access | Disabling public network access improves security by ensuring that the App Service is not exposed on the public internet. Creating private endpoints can limit exposure of an App Service. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Audit Allowed Audit, Disabled, Deny |
add | 2022-10-07 16:34:28 1b5ef780-c53c-4a64-87f3-bb9c8c8094ba |
|
| Synapse | 2158ddbe-fefa-408e-b43f-d4faef8ff3b8 | Synapse Workspaces should use only Azure Active Directory identities for authentication | Azure Active Directory (AAD) only authentication methods improves security by ensuring that Synapse Workspaces exclusively require AAD identities for authentication. Learn more at: https://aka.ms/Synapse. | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-10-07 16:34:28 2158ddbe-fefa-408e-b43f-d4faef8ff3b8 |
|
| App Service | 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab | Function apps should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
change | 2022-10-07 16:34:28 Major (4.0.0 > 5.0.0) |
|
| App Service | 11c82d0c-db9f-4d7b-97c5-f3f9aa957da2 | Function app slots should disable public network access | Disabling public network access improves security by ensuring that the Function app is not exposed on the public internet. Creating private endpoints can limit exposure of a Function App. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Audit Allowed Audit, Disabled, Deny |
add | 2022-10-07 16:34:28 11c82d0c-db9f-4d7b-97c5-f3f9aa957da2 |
|
| App Service | fa3a6357-c6d6-4120-8429-855577ec0063 | Configure Function app slots to use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 fa3a6357-c6d6-4120-8429-855577ec0063 |
| Synapse | 8b5c654c-fb07-471b-aa8f-15fea733f140 | Configure Azure Synapse Workspace Dedicated SQL minimum TLS version | Customers can raise or lower the minimal TLS version using the API, for both new Synapse workspaces or existing workspaces. So users who need to use a lower client version in the workspaces can connect while users who has security requirement can raise the minimum TLS version. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/connectivity-settings. | Default Modify Allowed Modify, Disabled |
count: 001 •Contributor |
change | 2022-10-07 16:34:28 Minor (1.0.0 > 1.1.0) |
| App Service | 242222f3-4985-4e99-b5ef-086d6a6cb01c | Configure Function app slots to disable public network access | Disable public network access for your Function apps so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 242222f3-4985-4e99-b5ef-086d6a6cb01c |
| App Service | 5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71 | Function app slots should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
change | 2022-10-07 16:34:28 Major (1.0.0 > 2.0.0) |
|
| SQL | fd2d1a6e-6d95-4df2-ad00-504bf0273406 | Configure Arc-enabled machines running SQL Server to have SQL Server extension installed. | To ensure that SQL Server - Azure Arc resources are created by default when SQL Server instance is found on Azure Arc enabled Windows/Linux Server, the latter should have SQL Server extension installed | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •User Access Administrator |
change | 2022-10-07 16:34:28 Major (2.1.0 > 3.0.0) |
| App Service | 4dcfb8b5-05cd-4090-a931-2ec29057e1fc | App Service app slots should use latest 'HTTP Version' | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-10-07 16:34:28 4dcfb8b5-05cd-4090-a931-2ec29057e1fc |
|
| Azure Arc | 4002015b-1272-4dfb-8943-fed4aeec39b6 | Configure Azure Arc-enabled Kubernetes clusters to use an Azure Arc Private Link Scope | Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping Azure Arc-enabled servers to an Azure Arc Private Link Scope that is configured with a private endpoint, data leakage risks are reduced. Learn more about private links at: https://aka.ms/arc/privatelink. | Default Modify Allowed Modify, Disabled |
count: 001 •Kubernetes Cluster - Azure Arc Onboarding |
add | 2022-10-07 16:34:28 4002015b-1272-4dfb-8943-fed4aeec39b6 |
| App Service | cd794351-e536-40f4-9750-503a463d8cad | Configure Function apps to disable public network access | Disable public network access for your Function apps so that it is not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/app-service-private-endpoint. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-10-07 16:34:28 cd794351-e536-40f4-9750-503a463d8cad |
| Monitoring | 7f89b1eb-583c-429a-8828-af049802c1d9 | Audit diagnostic setting | Audit diagnostic setting for selected resource types | Fixed AuditIfNotExists |
change | 2022-10-05 16:36:28 Major (1.1.0 > 2.0.0) |
|
| Security Center | e8794316-d918-4565-b57d-6b38a06381a0 | [Preview]: Azure Security agent should be installed on your Linux virtual machines | Install the Azure Security agent on your Linux virtual machines in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can seen and managed in Azure Security Center. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-30 16:34:23 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
|
| Synapse | cfaf0007-99c7-4b01-b36b-4048872ac978 | Azure Synapse Analytics dedicated SQL pools should enable encryption | Enable transparent data encryption for Azure Synapse Analytics dedicated SQL pools to protect data-at-rest and meet compliance requirements. Please note that enabling transparent data encryption for the pool may impact query performance. More details can refer to https://go.microsoft.com/fwlink/?linkid=2147714 | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-30 16:34:23 cfaf0007-99c7-4b01-b36b-4048872ac978 |
|
| Security Center | 5f8eb305-9c9f-4abe-9bb0-df220d9faba2 | [Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent | Configure supported Linux virtual machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-30 16:34:23 Major, suffix remains equal (6.0.0-preview > 7.0.0-preview) |
| Security Center | 1537496a-b1e8-482b-a06a-1cc2415cdc7b | [Preview]: Configure supported Windows machines to automatically install the Azure Security agent | Configure supported Windows machines to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-30 16:34:23 Major, suffix remains equal (4.0.0-preview > 5.0.0-preview) |
| Security Center | 6654c8c4-e6f8-43f8-8869-54327af7ce32 | [Preview]: Configure supported Linux virtual machine scale sets to automatically install the Azure Security agent | Configure supported Linux virtual machine scale sets to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target virtual machines must be in a supported location. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-30 16:34:23 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
| Guest Configuration | 3dc5edcd-002d-444c-b216-e123bbfa37c0 | [Preview]: Windows machines should encrypt temp disks, caches, and data flows between Compute and Storage resources. | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Use Azure Disk Encryption or Encryption At Host to protect your virtual machine's OS and data disks, temp disks, data caches and any data flowing between compute and storage. To learn more about different disk encryption offerings, see https://aka.ms/diskencryptioncomparison. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-30 16:34:23 3dc5edcd-002d-444c-b216-e123bbfa37c0 |
|
| Security Center | 62b52eae-c795-44e3-94e8-1b3d264766fb | [Preview]: Azure Security agent should be installed on your Linux virtual machine scale sets | Install the Azure Security agent on your Linux virtual machine scale sets in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can seen and managed in Azure Security Center. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-30 16:34:23 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
|
| Guest Configuration | ca88aadc-6e2b-416c-9de2-5a0f01d1693f | [Preview]: Linux machines should encrypt temp disks, caches, and data flows between Compute and Storage resources. | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Use Azure Disk Encryption or Encryption At Host to protect your virtual machine's OS and data disks, temp disks, data caches and any data flowing between compute and storage. To learn more about different disk encryption offerings, see https://aka.ms/diskencryptioncomparison. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-30 16:34:23 ca88aadc-6e2b-416c-9de2-5a0f01d1693f |
|
| Security Center | e16f967a-aa57-4f5e-89cd-8d1434d0a29a | [Preview]: Azure Security agent should be installed on your Windows virtual machine scale sets | Install the Azure Security agent on your Windows virtual machine scale sets in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can seen and managed in Azure Security Center. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-30 16:34:23 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
|
| Security Center | 808a7dc4-49f2-4e7b-af75-d14e561c244a | [Preview]: Configure supported Windows virtual machine scale sets to automatically install the Azure Security agent | Configure supported Windows virtual machine scale sets to automatically install the Azure Security agent. Security Center collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Target Windows virtual machine scale sets must be in a supported location. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-30 16:34:23 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
| Security Center | bb2c6c6d-14bc-4443-bef3-c6be0adc6076 | [Preview]: Azure Security agent should be installed on your Windows virtual machines | Install the Azure Security agent on your Windows virtual machines in order to monitor your machines for security configurations and vulnerabilities. Results of the assessments can seen and managed in Azure Security Center. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-30 16:34:23 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
|
| Regulatory Compliance | 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f | Ensure resources are authorized | CMA_C1159 - Ensure resources are authorized | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 | Establish authenticator types and processes | CMA_0267 - Establish authenticator types and processes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9c954fcf-6dd8-81f1-41b5-832ae5c62caf | Incorporate simulated contingency training | CMA_C1260 - Incorporate simulated contingency training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 92b94485-1c49-3350-9ada-dffe94f08e87 | Obtain approvals for acquisitions and outsourcing | CMA_C1590 - Obtain approvals for acquisitions and outsourcing | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 06af77de-02ca-0f3e-838a-a9420fe466f5 | Establish a discrete line item in budgeting documentation | CMA_C1563 - Establish a discrete line item in budgeting documentation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b0e3035d-6366-2e37-796e-8bcab9c649e6 | Establish a threat intelligence program | CMA_0260 - Establish a threat intelligence program | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 32f22cfa-770b-057c-965b-450898425519 | Revoke privileged roles as appropriate | CMA_0483 - Revoke privileged roles as appropriate | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c7e8ddc1-14aa-1814-7fe1-aad1742b27da | Enforce expiration of cached authenticators | CMA_C1343 - Enforce expiration of cached authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | aa0ddd99-43eb-302d-3f8f-42b499182960 | Install an alarm system | CMA_0338 - Install an alarm system | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 90a156a6-49ed-18d1-1052-69aac27c05cd | Allocate resources in determining information system requirements | CMA_C1561 - Allocate resources in determining information system requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 03d550b4-34ee-03f4-515f-f2e2faf7a413 | Review access control policies and procedures | CMA_0457 - Review access control policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1fdf0b24-4043-3c55-357e-036985d50b52 | Ensure security safeguards not needed when the individuals return | CMA_C1183 - Ensure security safeguards not needed when the individuals return | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c6aeb800-0b19-944d-92dc-59b893722329 | Rescreen individuals at a defined frequency | CMA_C1512 - Rescreen individuals at a defined frequency | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 | Publish access procedures in SORNs | CMA_C1848 - Publish access procedures in SORNs | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f6794ab8-9a7d-3b24-76ab-265d3646232b | Provide role-based training on suspicious activities | CMA_C1097 - Provide role-based training on suspicious activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | edcc36f1-511b-81e0-7125-abee29752fe7 | Manage availability and capacity | CMA_0356 - Manage availability and capacity | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 42116f15-5665-a52a-87bb-b40e64c74b6c | Develop acceptable use policies and procedures | CMA_0143 - Develop acceptable use policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6b957f60-54cd-5752-44d5-ff5a64366c93 | Develop SSP that meets criteria | CMA_C1492 - Develop SSP that meets criteria | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e6f7b584-877a-0d69-77d4-ab8b923a9650 | Document separation of duties | CMA_0204 - Document separation of duties | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 464a7d7a-2358-4869-0b49-6d582ca21292 | Ensure capital planning and investment requests include necessary resources | CMA_C1734 - Ensure capital planning and investment requests include necessary resources | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8b333332-6efd-7c0d-5a9f-d1eb95105214 | Employ FIPS 201-approved technology for PIV | CMA_C1579 - Employ FIPS 201-approved technology for PIV | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 18e7906d-4197-20fa-2f14-aaac21864e71 | Document process to ensure integrity of PII | CMA_C1827 - Document process to ensure integrity of PII | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 54a9c072-4a93-2a03-6a43-a060d30383d7 | Eradicate contaminated information | CMA_0253 - Eradicate contaminated information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 08ad71d0-52be-6503-4908-e015460a16ae | Require use of individual authenticators | CMA_C1305 - Require use of individual authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e4054c0e-1184-09e6-4c5e-701e0bc90f81 | Report atypical behavior of user accounts | CMA_C1025 - Report atypical behavior of user accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5269d7e4-3768-501d-7e46-66c56c15622c | Manage contacts for authorities and special interest groups | CMA_0359 - Manage contacts for authorities and special interest groups | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 085467a6-9679-5c65-584a-f55acefd0d43 | Require developers to implement only approved changes | CMA_C1596 - Require developers to implement only approved changes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 29acfac0-4bb4-121b-8283-8943198b1549 | Review and update identification and authentication policies and procedures | CMA_C1299 - Review and update identification and authentication policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f29b17a4-0df2-8a50-058a-8570f9979d28 | Assign system identifiers | CMA_0018 - Assign system identifiers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8d140e8b-76c7-77de-1d46-ed1b2e112444 | Restrict access to private keys | CMA_0445 - Restrict access to private keys | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 70a7a065-a060-85f8-7863-eb7850ed2af9 | Produce Security Assessment report | CMA_C1146 - Produce Security Assessment report | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | 6074e9a3-c711-4856-976d-24d51f9e065b | [Preview]: Configure supported Linux virtual machines to automatically install the Guest Attestation extension | Configure supported Linux virtual machines to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-27 16:35:32 Major, suffix remains equal (6.0.0-preview > 7.0.0-preview) |
| Regulatory Compliance | aa305b4d-8c84-1754-0c74-dec004e66be0 | Develop contingency plan | CMA_C1244 - Develop contingency plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 82bd024a-5c99-05d6-96ff-01f539676a1a | Monitor security and privacy training completion | CMA_0379 - Monitor security and privacy training completion | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | 1cb4d9c2-f88f-4069-bee0-dba239a57b09 | [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines | Install Guest Attestation extension on supported virtual machines to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Windows virtual machines. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-27 16:35:32 Major, suffix remains equal (3.0.0-preview > 4.0.0-preview) |
|
| Monitoring | 383c45fa-8b64-4d1c-aa9f-e69d2d879aa4 | The legacy Log Analytics extension should not be installed on Linux virtual machine scale sets | Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Linux virtual machine scale sets. Learn more: https://aka.ms/migratetoAMA | Default Audit Allowed Deny, Audit, Disabled |
add | 2022-09-27 16:35:32 383c45fa-8b64-4d1c-aa9f-e69d2d879aa4 |
|
| Regulatory Compliance | 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc | Perform a risk assessment | CMA_0388 - Perform a risk assessment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | 672fe5a1-2fcd-42d7-b85d-902b6e28c6ff | [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines | Install Guest Attestation extension on supported Linux virtual machines to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Linux virtual machines. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-27 16:35:32 Major, suffix remains equal (5.0.0-preview > 6.0.0-preview) |
|
| Regulatory Compliance | e89436d8-6a93-3b62-4444-1d2a42ad56b2 | Reevaluate access upon personnel transfer | CMA_0424 - Reevaluate access upon personnel transfer | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a3e98638-51d4-4e28-910a-60e98c1a756f | Configure Azure Audit capabilities | CMA_C1108 - Configure Azure Audit capabilities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 11ba0508-58a8-44de-5f3a-9e05d80571da | Develop business classification schemes | CMA_0155 - Develop business classification schemes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 79f081c7-1634-01a1-708e-376197999289 | Review user accounts | CMA_0480 - Review user accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6f3866e8-6e12-69cf-788c-809d426094a1 | Establish electronic signature and certificate requirements | CMA_0271 - Establish electronic signature and certificate requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 964b340a-43a4-4798-2af5-7aedf6cb001b | Collect PII directly from the individual | CMA_C1822 - Collect PII directly from the individual | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 55be3260-a7a2-3c06-7fe6-072d07525ab7 | Accept PIV credentials | CMA_C1347 - Accept PIV credentials | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | dc7ec756-221c-33c8-0afe-c48e10e42321 | Verify security controls for external information systems | CMA_0541 - Verify security controls for external information systems | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 91a54089-2d69-0f56-62dc-b6371a1671c0 | Resume all mission and business functions | CMA_C1254 - Resume all mission and business functions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a4493012-908c-5f48-a468-1e243be884ce | Review security assessment and authorization policies and procedures | CMA_C1143 - Review security assessment and authorization policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | db8b35d6-8adb-3f51-44ff-c648ab5b1530 | Employ FICAM-approved resources to accept third-party credentials | CMA_C1349 - Employ FICAM-approved resources to accept third-party credentials | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f8a63511-66f1-503f-196d-d6217ee0823a | Require developers to produce evidence of security assessment plan execution | CMA_C1602 - Require developers to produce evidence of security assessment plan execution | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0fd1ca29-677b-2f12-1879-639716459160 | Maintain data breach records | CMA_0351 - Maintain data breach records | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b4e19d22-8c0e-7cad-3219-c84c62dc250f | Review and update media protection policies and procedures | CMA_C1427 - Review and update media protection policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f2222056-062d-1060-6dc2-0107a68c34b2 | Manage a secure surveillance camera system | CMA_0354 - Manage a secure surveillance camera system | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0471c6b7-1588-701c-2713-1fade73b75f6 | Display an explicit logout message | CMA_C1056 - Display an explicit logout message | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ced291b8-1d3d-7e27-40cf-829e9dd523c8 | Review and update the information security architecture | CMA_C1504 - Review and update the information security architecture | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 80a97208-264e-79da-0cc7-4fca179a0c9c | Protect against and prevent data theft from departing employees | CMA_0398 - Protect against and prevent data theft from departing employees | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 | Provide information spillage training | CMA_0413 - Provide information spillage training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 423f6d9c-0c73-9cc6-64f4-b52242490368 | Develop security safeguards | CMA_0161 - Develop security safeguards | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 39eb03c1-97cc-11ab-0960-6209ed2869f7 | Establish a privacy program | CMA_0257 - Establish a privacy program | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | bb048641-6017-7272-7772-a008f285a520 | Develop spillage response procedures | CMA_0162 - Develop spillage response procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7805a343-275c-41be-9d62-7215b96212d8 | Reassign or remove user privileges as needed | CMA_C1040 - Reassign or remove user privileges as needed | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f78fc35e-1268-0bca-a798-afcba9d2330a | Select additional testing for security control assessments | CMA_C1149 - Select additional testing for security control assessments | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f801d58e-5659-9a4a-6e8d-02c9334732e5 | Restore resources to operational state | CMA_C1297 - Restore resources to operational state | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | df54d34f-65f3-39f1-103c-a0464b8615df | Manage transfers between standby and active system components | CMA_0371 - Manage transfers between standby and active system components | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4c6df5ff-4ef2-4f17-a516-0da9189c603b | Assign account managers | CMA_0015 - Assign account managers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 97cfd944-6f0c-7db2-3796-8e890ef70819 | Establish conditions for role membership | CMA_0269 - Establish conditions for role membership | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ba02d0a0-566a-25dc-73f1-101c726a19c5 | Implement transaction based recovery | CMA_C1296 - Implement transaction based recovery | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b9d45adb-471b-56a5-64d2-5b241f126174 | Automate privacy controls | CMA_C1817 - Automate privacy controls | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a830fe9e-08c9-a4fb-420c-6f6bf1702395 | Review account provisioning logs | CMA_0460 - Review account provisioning logs | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6de65dc4-8b4f-34b7-9290-eb137a2e2929 | Develop and document application security requirements | CMA_0148 - Develop and document application security requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5c40f27b-6791-18c5-3f85-7b863bd99c11 | Automate proposed documented changes | CMA_C1191 - Automate proposed documented changes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0e696f5a-451f-5c15-5532-044136538491 | Protect audit information | CMA_0401 - Protect audit information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8a703eb5-4e53-701b-67e4-05ba2f7930c8 | Separate user and information system management functionality | CMA_0493 - Separate user and information system management functionality | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 | Appoint a senior information security officer | CMA_C1733 - Appoint a senior information security officer | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 35963d41-4263-0ef9-98d5-70eb058f9e3c | Establish procedures for initial authenticator distribution | CMA_0276 - Establish procedures for initial authenticator distribution | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 33832848-42ab-63f3-1a55-c0ad309d44cd | Implement an automated configuration management tool | CMA_0311 - Implement an automated configuration management tool | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 341bc9f1-7489-07d9-4ec6-971573e1546a | Define access authorizations to support separation of duties | CMA_0116 - Define access authorizations to support separation of duties | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6625638f-3ba1-7404-5983-0ea33d719d34 | Review audit data | CMA_0466 - Review audit data | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ced727b3-005e-3c5b-5cd5-230b79d56ee8 | Implement a fault tolerant name/address service | CMA_0305 - Implement a fault tolerant name/address service | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b470a37a-7a47-3792-34dd-7a793140702e | Establish relationship between incident response capability and external providers | CMA_C1376 - Establish relationship between incident response capability and external providers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1bc7fd64-291f-028e-4ed6-6e07886e163f | Employ least privilege access | CMA_0212 - Employ least privilege access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d6653f89-7cb5-24a4-9d71-51581038231b | Reauthenticate or terminate a user session | CMA_0421 - Reauthenticate or terminate a user session | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 22a02c9a-49e4-5dc9-0d14-eb35ad717154 | Obtain design and implementation information for the security controls | CMA_C1576 - Obtain design and implementation information for the security controls | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2b05dca2-25ec-9335-495c-29155f785082 | Provide security training before providing access | CMA_0418 - Provide security training before providing access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4b8fd5da-609b-33bf-9724-1c946285a14c | Notify Account Managers of customer controlled accounts | CMA_C1009 - Notify Account Managers of customer controlled accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 | Implement physical security for offices, working areas, and secure areas | CMA_0323 - Implement physical security for offices, working areas, and secure areas | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 | Prevent split tunneling for remote devices | CMA_C1632 - Prevent split tunneling for remote devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d136ae80-54dd-321c-98b4-17acf4af2169 | Provide updated security awareness training | CMA_C1090 - Provide updated security awareness training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b8a9bb2f-7290-3259-85ce-dca7d521302d | Initiate transfer or reassignment actions | CMA_0333 - Initiate transfer or reassignment actions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 04b3e7f6-4841-888d-4799-cda19a0084f6 | Document and implement wireless access guidelines | CMA_0190 - Document and implement wireless access guidelines | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 44f8a42d-739f-8030-89a8-4c2d5b3f6af3 | Provide audit review, analysis, and reporting capability | CMA_C1124 - Provide audit review, analysis, and reporting capability | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 | Review development process, standards and tools | CMA_C1610 - Review development process, standards and tools | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 426c172c-9914-10d1-25dd-669641fc1af4 | Enable detection of network devices | CMA_0220 - Enable detection of network devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8cd815bf-97e1-5144-0735-11f6ddb50a59 | Enforce and audit access restrictions | CMA_C1203 - Enforce and audit access restrictions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8f835d6a-4d13-9a9c-37dc-176cebd37fda | Document wireless access security controls | CMA_C1695 - Document wireless access security controls | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d02498e0-8a6f-6b02-8332-19adf6711d1e | Develop organization code of conduct policy | CMA_0159 - Develop organization code of conduct policy | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 39999038-9ef1-602a-158c-ce2367185230 | Define performance metrics | CMA_0124 - Define performance metrics | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c3b3cc61-9c70-5d78-7f12-1aefcc477db7 | Review security testing, training, and monitoring plans | CMA_C1754 - Review security testing, training, and monitoring plans | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 01ae60e2-38bb-0a32-7b20-d3a091423409 | Implement system boundary protection | CMA_0328 - Implement system boundary protection | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 37546841-8ea1-5be0-214d-8ac599588332 | Maintain incident response plan | CMA_0352 - Maintain incident response plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 70057208-70cc-7b31-3c3a-121af6bc1966 | Secure commitment from leadership | CMA_0489 - Secure commitment from leadership | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 | Conduct risk assessment and document its results | CMA_C1542 - Conduct risk assessment and document its results | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f30edfad-4e1d-1eef-27ee-9292d6d89842 | Perform security function verification at a defined frequency | CMA_C1709 - Perform security function verification at a defined frequency | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2b2f3a72-9e68-3993-2b69-13dcdecf8958 | Define requirements for supplying goods and services | CMA_0126 - Define requirements for supplying goods and services | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4012c2b7-4e0e-a7ab-1688-4aab43f14420 | Map authenticated identities to individuals | CMA_0372 - Map authenticated identities to individuals | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d661e9eb-4e15-5ba1-6f02-cdc467db0d6c | Define organizational requirements for cryptographic key management | CMA_0123 - Define organizational requirements for cryptographic key management | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3baee3fd-30f5-882c-018c-cc78703a0106 | Employ independent assessors for continuous monitoring | CMA_C1168 - Employ independent assessors for continuous monitoring | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3c9aa856-6b86-35dc-83f4-bc72cec74dea | Establish a data leakage management procedure | CMA_0255 - Establish a data leakage management procedure | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 729c8708-2bec-093c-8427-2e87d2cd426d | Automate notification of employee termination | CMA_C1521 - Automate notification of employee termination | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5f2e834d-7e40-a4d5-a216-e49b16955ccf | Establish requirements for internet service providers | CMA_0278 - Establish requirements for internet service providers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e8c31e15-642d-600f-78ab-bad47a5787e6 | Require third-party providers to comply with personnel security policies and procedures | CMA_C1530 - Require third-party providers to comply with personnel security policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a8df9c78-4044-98be-2c05-31a315ac8957 | Conform to FICAM-issued profiles | CMA_C1350 - Conform to FICAM-issued profiles | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 49c23d9b-02b0-0e42-4f94-e8cef1b8381b | Audit user account status | CMA_0020 - Audit user account status | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 01c387ea-383d-4ca9-295a-977fab516b03 | Authorize remote access to privileged commands | CMA_C1064 - Authorize remote access to privileged commands | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7fc1f0da-0050-19bb-3d75-81ae15940df6 | Provide monitoring information as needed | CMA_C1689 - Provide monitoring information as needed | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 92b49e92-570f-1765-804a-378e6c592e28 | Automate process to highlight unreviewed change proposals | CMA_C1193 - Automate process to highlight unreviewed change proposals | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 585af6e9-90c0-4575-67a7-2f9548972e32 | Review and reevaluate privileges | CMA_C1207 - Review and reevaluate privileges | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6f1de470-79f3-1572-866e-db0771352fc8 | Authenticate to cryptographic module | CMA_0021 - Authenticate to cryptographic module | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 | Identify classes of Incidents and Actions taken | CMA_C1365 - Identify classes of Incidents and Actions taken | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5b802722-71dd-a13d-2e7e-231e09589efb | Implement privileged access for executing vulnerability scanning activities | CMA_C1555 - Implement privileged access for executing vulnerability scanning activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 75b9db50-7906-2351-98ae-0458218609e5 | Retain accounting of disclosures of information | CMA_C1819 - Retain accounting of disclosures of information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0803eaa7-671c-08a7-52fd-ac419f775e75 | Document acquisition contract acceptance criteria | CMA_0187 - Document acquisition contract acceptance criteria | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6610f662-37e9-2f71-65be-502bdc2f554d | Update rules of behavior and access agreements | CMA_0521 - Update rules of behavior and access agreements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a30bd8e9-7064-312a-0e1f-e1b485d59f6e | Review exploit protection events | CMA_0472 - Review exploit protection events | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | de770ba6-50dd-a316-2932-e0d972eaa734 | Require approval for account creation | CMA_0431 - Require approval for account creation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ab02bb73-4ce1-89dd-3905-d93042809ba0 | Align business objectives and IT goals | CMA_0008 - Align business objectives and IT goals | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 27ab3ac0-910d-724d-0afa-1a2a01e996c0 | Respond to rectification requests | CMA_0442 - Respond to rectification requests | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 26d178a4-9261-6f04-a100-47ed85314c6e | Implement security directives | CMA_C1706 - Implement security directives | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5020f3f4-a579-2f28-72a8-283c5a0b15f9 | Restrict communications | CMA_0449 - Restrict communications | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1beb1269-62ee-32cd-21ad-43d6c9750eb6 | Ensure privacy program information is publicly available | CMA_C1867 - Ensure privacy program information is publicly available | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4ce91e4e-6dab-3c46-011a-aa14ae1561bf | Maintain list of authorized remote maintenance personnel | CMA_C1420 - Maintain list of authorized remote maintenance personnel | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a08b18c7-9e0a-89f1-3696-d80902196719 | Document access privileges | CMA_0186 - Document access privileges | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Cosmos DB | 9d83ccb1-f313-46ce-9d39-a198bfdb51a0 | Azure Cosmos DB accounts should not exceed the maximum number of days allowed since last account key regeneration. | Regenerate your keys in the specified time to keep your data more protected. | Default Audit Allowed Audit, Disabled |
add | 2022-09-27 16:35:32 9d83ccb1-f313-46ce-9d39-a198bfdb51a0 |
|
| Regulatory Compliance | 9622aaa9-5c49-40e2-5bf8-660b7cd23deb | Alert personnel of information spillage | CMA_0007 - Alert personnel of information spillage | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e7422f08-65b4-50e4-3779-d793156e0079 | Develop a concept of operations (CONOPS) | CMA_0141 - Develop a concept of operations (CONOPS) | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 056a723b-4946-9d2a-5243-3aa27c4d31a1 | Satisfy token quality requirements | CMA_0487 - Satisfy token quality requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 10874318-0bf7-a41f-8463-03e395482080 | Correlate audit records | CMA_0087 - Correlate audit records | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4ee5975d-2507-5530-a20a-83a725889c6f | Restrict unauthorized software and firmware installation | CMA_C1205 - Restrict unauthorized software and firmware installation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 85335602-93f5-7730-830b-d43426fd51fa | Integrate Audit record analysis | CMA_C1120 - Integrate Audit record analysis | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1ee4c7eb-480a-0007-77ff-4ba370776266 | Use system clocks for audit records | CMA_0535 - Use system clocks for audit records | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 096a7055-30cb-2db4-3fda-41b20ac72667 | Require interconnection security agreements | CMA_C1151 - Require interconnection security agreements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 | Verify personal data is deleted at the end of processing | CMA_0540 - Verify personal data is deleted at the end of processing | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1282809c-9001-176b-4a81-260a085f4872 | Perform audit for configuration change control | CMA_0390 - Perform audit for configuration change control | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c79d378a-2521-822a-0407-57454f8d2c74 | Notify upon termination or transfer | CMA_0381 - Notify upon termination or transfer | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | be38a620-000b-21cf-3cb3-ea151b704c3b | Remediate information system flaws | CMA_0427 - Remediate information system flaws | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ffdaa742-0d6f-726f-3eac-6e6c34e36c93 | Establish usage restrictions for mobile code technologies | CMA_C1652 - Establish usage restrictions for mobile code technologies | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f6da5cca-5795-60ff-49e1-4972567815fe | Require developer to identify SDLC ports, protocols, and services | CMA_C1578 - Require developer to identify SDLC ports, protocols, and services | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0f31d98d-5ce2-705b-4aa5-b4f6705110dd | Prepare alternate processing site for use as operational site | CMA_C1278 - Prepare alternate processing site for use as operational site | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 22457e81-3ec6-5271-a786-c3ca284601dd | Isolate information spills | CMA_0346 - Isolate information spills | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b65c5d8e-9043-9612-2c17-65f231d763bb | Employ independent assessors to conduct security control assessments | CMA_C1148 - Employ independent assessors to conduct security control assessments | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d78f95ba-870a-a500-6104-8a5ce2534f19 | Document protection of security information in acquisition contracts | CMA_0195 - Document protection of security information in acquisition contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7c7032fe-9ce6-9092-5890-87a1a3755db1 | Retain terminated user data | CMA_0455 - Retain terminated user data | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 26daf649-22d1-97e9-2a8a-01b182194d59 | Configure workstations to check for digital certificates | CMA_0073 - Configure workstations to check for digital certificates | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 53fc1282-0ee3-2764-1319-e20143bb0ea5 | Review contingency plan | CMA_C1247 - Review contingency plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ffea18d9-13de-6505-37f3-4c1f88070ad7 | Review cloud service provider's compliance with policies and agreements | CMA_0469 - Review cloud service provider's compliance with policies and agreements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c72fc0c8-2df8-7506-30be-6ba1971747e1 | Automate implementation of approved change notifications | CMA_C1196 - Automate implementation of approved change notifications | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f476f3b0-4152-526e-a209-44e5f8c968d7 | Establish network segmentation for card holder data environment | CMA_0273 - Establish network segmentation for card holder data environment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 57adc919-9dca-817c-8197-64d812070316 | Develop an enterprise architecture | CMA_C1741 - Develop an enterprise architecture | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 | Enable dual or joint authorization | CMA_0226 - Enable dual or joint authorization | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab | Check for privacy and security compliance before establishing internal connections | CMA_0053 - Check for privacy and security compliance before establishing internal connections | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b4409bff-2287-8407-05fd-c73175a68302 | Enforce a limit of consecutive failed login attempts | CMA_C1044 - Enforce a limit of consecutive failed login attempts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1ff03f2a-974b-3272-34f2-f6cd51420b30 | Obscure feedback information during authentication process | CMA_C1344 - Obscure feedback information during authentication process | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8e49107c-3338-40d1-02aa-d524178a2afe | Deliver security assessment results | CMA_C1147 - Deliver security assessment results | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1d39b5d9-0392-8954-8359-575ce1957d1a | Support personal verification credentials issued by legal authorities | CMA_0507 - Support personal verification credentials issued by legal authorities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e7589f4e-1e8b-72c2-3692-1e14d7f3699f | Ensure access agreements are signed or resigned timely | CMA_C1528 - Ensure access agreements are signed or resigned timely | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a1334a65-2622-28ee-5067-9d7f5b915cc5 | Communicate contingency plan changes | CMA_C1249 - Communicate contingency plan changes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 44b71aa8-099d-8b97-1557-0e853ec38e0d | Obtain functional properties of security controls | CMA_C1575 - Obtain functional properties of security controls | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 83eea3d3-0d2c-9ccd-1021-2111b29b2a62 | Ensure system capable of dynamic isolation of resources | CMA_C1638 - Ensure system capable of dynamic isolation of resources | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 50e9324a-7410-0539-0662-2c1e775538b7 | Authorize and manage access | CMA_0023 - Authorize and manage access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 677e1da4-00c3-287a-563d-f4a1cf9b99a0 | Conduct Risk Assessment | CMA_C1543 - Conduct Risk Assessment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 | Disseminate security alerts to personnel | CMA_C1705 - Disseminate security alerts to personnel | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | fc26e2fd-3149-74b4-5988-d64bb90f8ef7 | Separately store backup information | CMA_C1293 - Separately store backup information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b8587fce-138f-86e8-33a3-c60768bf1da6 | Automate remote maintenance activities | CMA_C1402 - Automate remote maintenance activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 46ab2c5e-6654-1f58-8c83-e97a44f39308 | Identify external service providers | CMA_C1591 - Identify external service providers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | eab4450d-9e5c-4f38-0656-2ff8c78c83f3 | Document and implement privacy complaint procedures | CMA_0189 - Document and implement privacy complaint procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b28c8687-4bbd-8614-0b96-cdffa1ac6d9c | Review and update incident response policies and procedures | CMA_C1352 - Review and update incident response policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ca6d7878-3189-1833-4620-6c7254ed1607 | Obtain continuous monitoring plan for security controls | CMA_C1577 - Obtain continuous monitoring plan for security controls | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4edaca8c-0912-1ac5-9eaa-6a1057740fae | Provide capability to disconnect or disable remote access | CMA_C1066 - Provide capability to disconnect or disable remote access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 | Review and update physical and environmental policies and procedures | CMA_C1446 - Review and update physical and environmental policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4c385143-09fd-3a34-790c-a5fd9ec77ddc | Provide role-based security training | CMA_C1094 - Provide role-based security training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2cc9c165-46bd-9762-5739-d2aae5ba90a1 | Automate account management | CMA_0026 - Automate account management | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 396f465d-375e-57de-58ba-021adb008191 | Invalidate session identifiers at logout | CMA_C1661 - Invalidate session identifiers at logout | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | de077e7e-0cc8-65a6-6e08-9ab46c827b05 | Produce, control and distribute asymmetric cryptographic keys | CMA_C1646 - Produce, control and distribute asymmetric cryptographic keys | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 98e33927-8d7f-6d5f-44f5-2469b40b7215 | Implement Incident handling capability | CMA_C1367 - Implement Incident handling capability | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | cdcb825f-a0fb-31f9-29c1-ab566718499a | Publish Computer Matching Agreements on public website | CMA_C1829 - Publish Computer Matching Agreements on public website | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ebb0ba89-6d8c-84a7-252b-7393881e43de | Document security strength requirements in acquisition contracts | CMA_0203 - Document security strength requirements in acquisition contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d48a6f19-a284-6fc6-0623-3367a74d3f50 | Update interconnection security agreements | CMA_0519 - Update interconnection security agreements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3d399cf3-8fc6-0efc-6ab0-1412f1198517 | Block untrusted and unsigned processes that run from USB | CMA_0050 - Block untrusted and unsigned processes that run from USB | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 098dcde7-016a-06c3-0985-0daaf3301d3a | Distribute authenticators | CMA_0184 - Distribute authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | eb598832-4bcc-658d-4381-3ecbe17b9866 | Provide timely maintenance support | CMA_C1425 - Provide timely maintenance support | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | eaaae23f-92c9-4460-51cf-913feaea4d52 | Employ a media sanitization mechanism | CMA_0208 - Employ a media sanitization mechanism | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e29a8f1b-149b-2fa3-969d-ebee1baa9472 | Assign an authorizing official (AO) | CMA_C1158 - Assign an authorizing official (AO) | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f | Perform vulnerability scans | CMA_0393 - Perform vulnerability scans | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0040d2e5-2779-170d-6a2c-1f5fca353335 | Restrict location of information processing, storage and services | CMA_C1593 - Restrict location of information processing, storage and services | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b6ad009f-5c24-1dc0-a25e-74b60e4da45f | Control maintenance and repair activities | CMA_0080 - Control maintenance and repair activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e714b481-8fac-64a2-14a9-6f079b2501a4 | Use privileged identity management | CMA_0533 - Use privileged identity management | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e3905a3c-97e7-0b4f-15fb-465c0927536f | Correlate Vulnerability scan information | CMA_C1558 - Correlate Vulnerability scan information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 | Define a physical key management process | CMA_0115 - Define a physical key management process | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | dad8a2e9-6f27-4fc2-8933-7e99fe700c9c | Authorize remote access | CMA_0024 - Authorize remote access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e336d5f4-4d8f-0059-759c-ae10f63d1747 | Enforce user uniqueness | CMA_0250 - Enforce user uniqueness | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b3c8cc83-20d3-3890-8bc8-5568777670f4 | Establish requirements for audit review and reporting | CMA_0277 - Establish requirements for audit review and reporting | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 | Automate process to document implemented changes | CMA_C1195 - Automate process to document implemented changes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d8350d4c-9314-400b-288f-20ddfce04fbd | Define and enforce the limit of concurrent sessions | CMA_C1050 - Define and enforce the limit of concurrent sessions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 | Disable authenticators upon termination | CMA_0169 - Disable authenticators upon termination | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | cbfa1bd0-714d-8d6f-0480-2ad6a53972df | Define and document government oversight | CMA_C1587 - Define and document government oversight | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 | Define mobile device requirements | CMA_0122 - Define mobile device requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6f311b49-9b0d-8c67-3d6e-db80ae528173 | Bind authenticators and identities dynamically | CMA_0035 - Bind authenticators and identities dynamically | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | db28735f-518f-870e-15b4-49623cbe3aa0 | Verify software, firmware and information integrity | CMA_0542 - Verify software, firmware and information integrity | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 | Issue guidelines for ensuring data quality and integrity | CMA_C1824 - Issue guidelines for ensuring data quality and integrity | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | af227964-5b8b-22a2-9364-06d2cb9d6d7c | Develop information security policies and procedures | CMA_0158 - Develop information security policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 10c4210b-3ec9-9603-050d-77e4d26c7ebb | Enforce logical access | CMA_0245 - Enforce logical access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 29363ae1-68cd-01ca-799d-92c9197c8404 | Manage authenticator lifetime and reuse | CMA_0355 - Manage authenticator lifetime and reuse | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 92ede480-154e-0e22-4dca-8b46a74a3a51 | Maintain records of processing of personal data | CMA_0353 - Maintain records of processing of personal data | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 55a7f9a0-6397-7589-05ef-5ed59a8149e7 | Control physical access | CMA_0081 - Control physical access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5c33538e-02f8-0a7f-998b-a4c1e22076d3 | Govern compliance of cloud service providers | CMA_0290 - Govern compliance of cloud service providers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | dbcef108-7a04-38f5-8609-99da110a2a57 | Determine information protection needs | CMA_C1750 - Determine information protection needs | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0461cacd-0b3b-4f66-11c5-81c9b19a3d22 | Verify inaccurate or outdated PII | CMA_C1823 - Verify inaccurate or outdated PII | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 08c11b48-8745-034d-1c1b-a144feec73b9 | Restrict use of open source software | CMA_C1237 - Restrict use of open source software | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 496b407d-9b9e-81e8-4ba4-44bc686b016a | Conduct exit interview upon termination | CMA_0058 - Conduct exit interview upon termination | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2e7a98c9-219f-0d58-38dc-d69038224442 | Protect the information security program plan | CMA_C1732 - Protect the information security program plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ad1d562b-a04b-15d3-6770-ed310b601cb5 | Publish rules and regulations accessing Privacy Act records | CMA_C1847 - Publish rules and regulations accessing Privacy Act records | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3881168c-5d38-6f04-61cc-b5d87b2c4c58 | Establish third-party personnel security requirements | CMA_C1529 - Establish third-party personnel security requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e0c480bf-0d68-a42d-4cbb-b60f851f8716 | Implement personnel screening | CMA_0322 - Implement personnel screening | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ae5345d5-8dab-086a-7290-db43a3272198 | Identify and authenticate network devices | CMA_0296 - Identify and authenticate network devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b8689b2e-4308-a58b-a0b4-6f3343a000df | Use automated mechanisms for security alerts | CMA_C1707 - Use automated mechanisms for security alerts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 28aa060e-25c7-6121-05d8-a846f11433df | Review and update planning policies and procedures | CMA_C1491 - Review and update planning policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 13939f8c-4cd5-a6db-9af4-9dfec35e3722 | Identify and mitigate potential issues at alternate storage site | CMA_C1271 - Identify and mitigate potential issues at alternate storage site | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 898a5781-2254-5a37-34c7-d78ea7c20d55 | Publish SORNs for systems containing PII | CMA_C1862 - Publish SORNs for systems containing PII | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 96333008-988d-4add-549b-92b3a8c42063 | Update privacy plan, policies, and procedures | CMA_C1807 - Update privacy plan, policies, and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5226dee6-3420-711b-4709-8e675ebd828f | Update information security policies | CMA_0518 - Update information security policies | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | af38215f-70c4-0cd6-40c2-c52d86690a45 | Set automated notifications for new and trending cloud applications in your organization | CMA_0495 - Set automated notifications for new and trending cloud applications in your organization | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 63f63e71-6c3f-9add-4c43-64de23e554a7 | Manage gateways | CMA_0363 - Manage gateways | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7a489c62-242c-5db9-74df-c073056d6fa3 | Designate personnel to supervise unauthorized maintenance activities | CMA_C1422 - Designate personnel to supervise unauthorized maintenance activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8eea8c14-4d93-63a3-0c82-000343ee5204 | Conduct a full text analysis of logged privileged commands | CMA_0056 - Conduct a full text analysis of logged privileged commands | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c6fe3856-4635-36b6-983c-070da12a953b | Implement the risk management strategy | CMA_C1744 - Implement the risk management strategy | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 35de8462-03ff-45b3-5746-9d4603c74c56 | Implement an insider threat program | CMA_C1751 - Implement an insider threat program | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 56fb5173-3865-5a5d-5fad-ae33e53e1577 | Address information security issues | CMA_C1742 - Address information security issues | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 68a39c2b-0f17-69ee-37a3-aa10f9853a08 | Establish voip usage restrictions | CMA_0280 - Establish voip usage restrictions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 03b6427e-6072-4226-4bd9-a410ab65317e | Design an access control model | CMA_0129 - Design an access control model | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Monitoring | 1f6e93e8-6b31-41b1-83f6-36e449a42579 | Deploy Diagnostic Settings for Event Hub to Log Analytics workspace | Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-27 16:35:32 Major (1.1.0 > 2.0.0) |
| Regulatory Compliance | 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 | Establish firewall and router configuration standards | CMA_0272 - Establish firewall and router configuration standards | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 69d90ee6-9f9f-262a-2038-d909fb4e5723 | Identify spilled information | CMA_0303 - Identify spilled information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | de251b09-4a5e-1204-4bef-62ac58d47999 | Adjust level of audit review, analysis, and reporting | CMA_C1123 - Adjust level of audit review, analysis, and reporting | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3eecf628-a1c8-1b48-1b5c-7ca781e97970 | Specify permitted actions associated with customer audit information | CMA_C1122 - Specify permitted actions associated with customer audit information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 84245967-7882-54f6-2d34-85059f725b47 | Establish an information security program | CMA_0263 - Establish an information security program | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ff136354-1c92-76dc-2dab-80fb7c6a9f1a | Observe and report security weaknesses | CMA_0384 - Observe and report security weaknesses | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4502e506-5f35-0df4-684f-b326e3cc7093 | Terminate user session automatically | CMA_C1054 - Terminate user session automatically | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d041726f-00e0-41ca-368c-b1a122066482 | Provide role-based practical exercises | CMA_C1096 - Provide role-based practical exercises | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 60442979-6333-85f0-84c5-b887bac67448 | Evaluate alternate processing site capabilities | CMA_C1266 - Evaluate alternate processing site capabilities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ed87d27a-9abf-7c71-714c-61d881889da4 | Monitor privileged role assignment | CMA_0378 - Monitor privileged role assignment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ef5a7059-6651-73b1-18b3-75b1b79c1565 | Define information security roles and responsibilities | CMA_C1565 - Define information security roles and responsibilities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 68d2e478-3b19-23eb-1357-31b296547457 | Enforce software execution privileges | CMA_C1041 - Enforce software execution privileges | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8b077bff-516f-3983-6c42-c86e9a11868b | Designate individuals to fulfill specific roles and responsibilities | CMA_C1747 - Designate individuals to fulfill specific roles and responsibilities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1afada58-8b34-7ac2-a38a-983218635201 | Define acceptable and unacceptable mobile code technologies | CMA_C1651 - Define acceptable and unacceptable mobile code technologies | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6a379d74-903b-244a-4c44-838728bea6b0 | Analyse data obtained from continuous monitoring | CMA_C1169 - Analyse data obtained from continuous monitoring | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d9edcea6-6cb8-0266-a48c-2061fbac4310 | Plan for continuance of essential business functions | CMA_C1255 - Plan for continuance of essential business functions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 33d34fac-56a8-1c0f-0636-3ed94892a709 | Govern the allocation of resources | CMA_0293 - Govern the allocation of resources | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 | Keep accurate accounting of disclosures of information | CMA_C1818 - Keep accurate accounting of disclosures of information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 043c1e56-5a16-52f8-6af8-583098ff3e60 | Create a data inventory | CMA_0096 - Create a data inventory | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | fd81a1b3-2d7a-107c-507e-29b87d040c19 | Enforce appropriate usage of all accounts | CMA_C1023 - Enforce appropriate usage of all accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7ad83b58-2042-085d-08f0-13e946f26f89 | Update rules of behavior and access agreements every 3 years | CMA_0522 - Update rules of behavior and access agreements every 3 years | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | bf883b14-9c19-0f37-8825-5e39a8b66d5b | Perform threat modeling | CMA_0392 - Perform threat modeling | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 58a51cde-008b-1a5d-61b5-d95849770677 | Test the business continuity and disaster recovery plan | CMA_0509 - Test the business continuity and disaster recovery plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 836f8406-3b8a-11bb-12cb-6c7fa0765668 | Develop configuration item identification plan | CMA_C1231 - Develop configuration item identification plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5fc24b95-53f7-0ed1-2330-701b539b97fe | Turn on sensors for endpoint security solution | CMA_0514 - Turn on sensors for endpoint security solution | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 79c75b38-334b-1a69-65e0-a9d929a42f75 | Document the legal basis for processing personal information | CMA_0206 - Document the legal basis for processing personal information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8747b573-8294-86a0-8914-49e9b06a5ace | Establish configuration management requirements for developers | CMA_0270 - Establish configuration management requirements for developers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6ab47bbf-867e-9113-7998-89b58f77326a | Respond to complaints, concerns, or questions timely | CMA_C1853 - Respond to complaints, concerns, or questions timely | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 75b42dcf-7840-1271-260b-852273d7906e | Develop contingency planning policies and procedures | CMA_0156 - Develop contingency planning policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 524e7136-9f6a-75ba-9089-501018151346 | Document security and privacy training activities | CMA_0198 - Document security and privacy training activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 | Review and update configuration management policies and procedures | CMA_C1175 - Review and update configuration management policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 33602e78-35e3-4f06-17fb-13dd887448e4 | Conduct capacity planning | CMA_C1252 - Conduct capacity planning | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2f20840e-7925-221c-725d-757442753e7c | Develop and maintain baseline configurations | CMA_0153 - Develop and maintain baseline configurations | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 477bd136-7dd9-55f8-48ac-bae096b86a07 | Develop POA&M | CMA_C1156 - Develop POA&M | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 318b2bd9-9c39-9f8b-46a7-048401f33476 | Address coding vulnerabilities | CMA_0003 - Address coding vulnerabilities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5d3abfea-a130-1208-29c0-e57de80aa6b0 | Review the results of contingency plan testing | CMA_C1262 - Review the results of contingency plan testing | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d7c1ecc3-2980-a079-1569-91aec8ac4a77 | Conduct risk assessment and distribute its results | CMA_C1544 - Conduct risk assessment and distribute its results | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4a6f5cbd-6c6b-006f-2bb1-091af1441bce | Review malware detections report weekly | CMA_0475 - Review malware detections report weekly | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 203101f5-99a3-1491-1b56-acccd9b66a9e | Conduct a security impact analysis | CMA_0057 - Conduct a security impact analysis | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d36700f2-2f0d-7c2a-059c-bdadd1d79f70 | Establish a risk management strategy | CMA_0258 - Establish a risk management strategy | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2401b496-7f23-79b2-9f80-89bb5abf3d4a | Protect incident response plan | CMA_0405 - Protect incident response plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f741c4e6-41eb-15a4-25a2-61ac7ca232f0 | Integrate audit review, analysis, and reporting | CMA_0339 - Integrate audit review, analysis, and reporting | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | adf517f3-6dcd-3546-9928-34777d0c277e | Review and update system and communications protection policies and procedures | CMA_C1616 - Review and update system and communications protection policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba | Review file and folder activity | CMA_0473 - Review file and folder activity | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7d70383a-32f4-a0c2-61cf-a134851968c2 | Determine legal authority to collect PII | CMA_C1800 - Determine legal authority to collect PII | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3a868d0c-538f-968b-0191-bddb44da5b75 | Require developers to document approved changes and potential impact | CMA_C1597 - Require developers to document approved changes and potential impact | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e21f91d1-2803-0282-5f2d-26ebc4b170ef | Update organizational access agreements | CMA_0520 - Update organizational access agreements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ff1efad2-6b09-54cc-01bf-d386c4d558a8 | Secure the interface to external systems | CMA_0491 - Secure the interface to external systems | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1e0d5ba8-a433-01aa-829c-86b06c9631ec | Include dynamic reconfig of customer deployed resources | CMA_C1364 - Include dynamic reconfig of customer deployed resources | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c | Identify individuals with security roles and responsibilities | CMA_C1566 - Identify individuals with security roles and responsibilities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d42a8f69-a193-6cbc-48b9-04a9e29961f1 | Protect wireless access | CMA_0411 - Protect wireless access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 86ecd378-a3a0-5d5b-207c-05e6aaca43fc | Detect network services that have not been authorized or approved | CMA_C1700 - Detect network services that have not been authorized or approved | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | de936662-13dc-204c-75ec-1af80f994088 | Provide contingency training | CMA_0412 - Provide contingency training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3c93dba1-84fd-57de-33c7-ef0400a08134 | Establish terms and conditions for accessing resources | CMA_C1076 - Establish terms and conditions for accessing resources | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 | Initiate contingency plan testing corrective actions | CMA_C1263 - Initiate contingency plan testing corrective actions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b320aa42-33b4-53af-87ce-100091d48918 | Document third-party personnel security requirements | CMA_C1531 - Document third-party personnel security requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 | Define cryptographic use | CMA_0120 - Define cryptographic use | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 015b4935-448a-8684-27c0-d13086356c33 | Implement a threat awareness program | CMA_C1758 - Implement a threat awareness program | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8bb40df9-23e4-4175-5db3-8dba86349b73 | Confirm quality and integrity of PII | CMA_C1821 - Confirm quality and integrity of PII | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 34738025-5925-51f9-1081-f2d0060133ed | Information security and personal data protection | CMA_0332 - Information security and personal data protection | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | af5ff768-a34b-720e-1224-e6b3214f3ba6 | Establish an alternate processing site | CMA_0262 - Establish an alternate processing site | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a44c9fba-43f8-4b7b-7ee6-db52c96b4366 | Facilitate information sharing | CMA_0284 - Facilitate information sharing | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 13ef3484-3a51-785a-9c96-500f21f84edd | Information flow control using security policy filters | CMA_C1029 - Information flow control using security policy filters | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | bab9ef1d-a16d-421a-822d-3fa94e808156 | Route traffic through managed network access points | CMA_0484 - Route traffic through managed network access points | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | aeed863a-0f56-429f-945d-8bb66bd06841 | Authorize access to security functions and information | CMA_0022 - Authorize access to security functions and information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 48c816c5-2190-61fc-8806-25d6f3df162f | Monitor access across the organization | CMA_0376 - Monitor access across the organization | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3b30aa25-0f19-6c04-5ca4-bd3f880a763d | Implement parameters for memorized secret verifiers | CMA_0321 - Implement parameters for memorized secret verifiers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 | Employ automatic shutdown/restart when violations are detected | CMA_C1715 - Employ automatic shutdown/restart when violations are detected | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ece8bb17-4080-5127-915f-dc7267ee8549 | Verify security functions | CMA_C1708 - Verify security functions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 | Develop security assessment plan | CMA_C1144 - Develop security assessment plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 77cc89bb-774f-48d7-8a84-fb8c322c3000 | Track software license usage | CMA_C1235 - Track software license usage | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6c0a312f-04c5-5c97-36a5-e56763a02b6b | Review and sign revised rules of behavior | CMA_0465 - Review and sign revised rules of behavior | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Monitoring | bd58d393-162c-4134-bcd6-a6a5484a37a1 | The legacy Log Analytics extension should not be installed on Azure Arc enabled Linux servers | Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Azure Arc enabled Linux servers. Learn more: https://aka.ms/migratetoAMA | Default Audit Allowed Deny, Audit, Disabled |
add | 2022-09-27 16:35:32 bd58d393-162c-4134-bcd6-a6a5484a37a1 |
|
| Regulatory Compliance | 3153d9c0-2584-14d3-362d-578b01358aeb | Retain training records | CMA_0456 - Retain training records | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c423e64d-995c-9f67-0403-b540f65ba42a | Assess Security Controls | CMA_C1145 - Assess Security Controls | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | efef28d0-3226-966a-a1e8-70e89c1b30bc | Retain security policies and procedures | CMA_0454 - Retain security policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b4512986-80f5-1656-0c58-08866bd2673a | Designate authorized personnel to post publicly accessible information | CMA_C1083 - Designate authorized personnel to post publicly accessible information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d8bbd80e-3bb1-5983-06c2-428526ec6a63 | Establish a password policy | CMA_0256 - Establish a password policy | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2c6bee3a-2180-2430-440d-db3c7a849870 | Document security operations | CMA_0202 - Document security operations | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f49925aa-9b11-76ae-10e2-6e973cc60f37 | Review and update system and services acquisition policies and procedures | CMA_C1560 - Review and update system and services acquisition policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 | Monitor account activity | CMA_0377 - Monitor account activity | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2af551d5-1775-326a-0589-590bfb7e9eb2 | Limit privileges to make changes in production environment | CMA_C1206 - Limit privileges to make changes in production environment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 037c0089-6606-2dab-49ad-437005b5035f | Identify incident response personnel | CMA_0301 - Identify incident response personnel | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 873895e8-0e3a-6492-42e9-22cd030e9fcd | Restrict access to privileged accounts | CMA_0446 - Restrict access to privileged accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 36b74844-4a99-4c80-1800-b18a516d1585 | Control use of portable storage devices | CMA_0083 - Control use of portable storage devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 725164e5-3b21-1ec2-7e42-14f077862841 | Require compliance with intellectual property rights | CMA_0432 - Require compliance with intellectual property rights | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4f23967c-a74b-9a09-9dc2-f566f61a87b9 | Establish backup policies and procedures | CMA_0268 - Establish backup policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0f4fa857-079d-9d3d-5c49-21f616189e03 | Provide real-time alerts for audit event failures | CMA_C1114 - Provide real-time alerts for audit event failures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f8d141b7-4e21-62a6-6608-c79336e36bc9 | Establish privacy requirements for contractors and service providers | CMA_C1810 - Establish privacy requirements for contractors and service providers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 70fe686f-1f91-7dab-11bf-bca4201e183b | Review role group changes weekly | CMA_0476 - Review role group changes weekly | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ba99d512-3baa-1c38-8b0b-ae16bbd34274 | Test contingency plan at an alternate processing location | CMA_C1265 - Test contingency plan at an alternate processing location | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3f1216b0-30ee-1ac9-3899-63eb744e85f5 | Obtain Admin documentation | CMA_C1580 - Obtain Admin documentation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9e3c505e-7aeb-2096-3417-b132242731fc | Review content prior to posting publicly accessible information | CMA_C1085 - Review content prior to posting publicly accessible information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e4e1f896-8a93-1151-43c7-0ad23b081ee2 | Authorize, monitor, and control voip | CMA_0025 - Authorize, monitor, and control voip | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f96d2186-79df-262d-3f76-f371e3b71798 | Review user privileges | CMA_C1039 - Review user privileges | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 575ed5e8-4c29-99d0-0e4d-689fb1d29827 | Automate approval request for proposed changes | CMA_C1192 - Automate approval request for proposed changes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b5244f81-6cab-3188-2412-179162294996 | Review publicly accessible content for nonpublic information | CMA_C1086 - Review publicly accessible content for nonpublic information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | 98ea2fc7-6fc6-4fd1-9d8d-6331154da071 | [Preview]: Configure supported Windows virtual machines to automatically install the Guest Attestation extension | Configure supported Windows virtual machines to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-27 16:35:32 Major, suffix remains equal (4.0.0-preview > 5.0.0-preview) |
| Regulatory Compliance | a28323fe-276d-3787-32d2-cef6395764c4 | Develop audit and accountability policies and procedures | CMA_0154 - Develop audit and accountability policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f48b60c6-4b37-332f-7288-b6ea50d300eb | Review controlled folder access events | CMA_0471 - Review controlled folder access events | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | eda0cbb7-6043-05bf-645b-67411f1a59b3 | Ensure there are no unencrypted static authenticators | CMA_C1340 - Ensure there are no unencrypted static authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 00f12b6f-10d7-8117-9577-0f2b76488385 | Integrate risk management process into SDLC | CMA_C1567 - Integrate risk management process into SDLC | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b7306e73-0494-83a2-31f5-280e934a8f70 | Develop and document a DDoS response plan | CMA_0147 - Develop and document a DDoS response plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | c9b2ae08-09e2-4f0e-bb43-b60bf0135bdf | [Preview]: Configure supported Windows virtual machine scale sets to automatically install the Guest Attestation extension | Configure supported Windows virtual machines scale sets to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-27 16:35:32 Major, suffix remains equal (3.0.0-preview > 4.0.0-preview) |
| Regulatory Compliance | 2d2ca910-7957-23ee-2945-33f401606efc | Accept only FICAM-approved third-party credentials | CMA_C1348 - Accept only FICAM-approved third-party credentials | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | df2e9507-169b-4114-3a52-877561ee3198 | Implement security engineering principles of information systems | CMA_0325 - Implement security engineering principles of information systems | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2d14ff7e-6ff9-838c-0cde-4962ccdb1689 | Employ business case to record the resources required | CMA_C1735 - Employ business case to record the resources required | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | f655e522-adff-494d-95c2-52d4f6d56a42 | [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets | Install Guest Attestation extension on supported virtual machines scale sets to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Windows virtual machine scale sets. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-27 16:35:32 Major, suffix remains equal (2.0.0-preview > 3.0.0-preview) |
|
| Regulatory Compliance | 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 | Incorporate simulated events into incident response training | CMA_C1356 - Incorporate simulated events into incident response training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 72889284-15d2-90b2-4b39-a1e9541e1152 | Verify identity before distributing authenticators | CMA_0538 - Verify identity before distributing authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 311802f9-098d-0659-245a-94c5d47c0182 | Employ boundary protection to isolate information systems | CMA_C1639 - Employ boundary protection to isolate information systems | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f9ec3263-9562-1768-65a1-729793635a8d | Document protection of personal data in acquisition contracts | CMA_0194 - Document protection of personal data in acquisition contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | 97566dd7-78ae-4997-8b36-1c7bfe0d8121 | [Preview]: Secure Boot should be enabled on supported Windows virtual machines | Enable Secure Boot on supported Windows virtual machines to mitigate against malicious and unauthorized changes to the boot chain. Once enabled, only trusted bootloaders, kernel and kernel drivers will be allowed to run. This assessment applies to Trusted Launch and Confidential Windows virtual machines. | Default Audit Allowed Audit, Disabled |
change | 2022-09-27 16:35:32 Major, suffix remains equal (3.0.0-preview > 4.0.0-preview) |
|
| Regulatory Compliance | 518eafdd-08e5-37a9-795b-15a8d798056d | Provide privacy training | CMA_0415 - Provide privacy training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f33c3238-11d2-508c-877c-4262ec1132e1 | Recover and reconstitute resources after any disruption | CMA_C1295 - Recover and reconstitute resources after any disruption | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b544f797-a73b-1be3-6d01-6b1a085376bc | Establish information security workforce development and improvement program | CMA_C1752 - Establish information security workforce development and improvement program | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c981fa70-2e58-8141-1457-e7f62ebc2ade | Document organizational access agreements | CMA_0192 - Document organizational access agreements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0a412110-3874-9f22-187a-c7a81c8a6704 | Establish alternate storage site to store and retrieve backup information | CMA_C1267 - Establish alternate storage site to store and retrieve backup information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | bbb2e6d6-085f-5a35-a55d-e45daad38933 | Provide secure name and address resolution services | CMA_0416 - Provide secure name and address resolution services | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | a21f8c92-9e22-4f09-b759-50500d1d2dda | [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets | Install Guest Attestation extension on supported Linux virtual machines scale sets to allow Azure Security Center to proactively attest and monitor the boot integrity. Once installed, boot integrity will be attested via Remote Attestation. This assessment applies to Trusted Launch and Confidential Linux virtual machine scale sets. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-27 16:35:32 Major, suffix remains equal (4.0.0-preview > 5.0.0-preview) |
|
| Regulatory Compliance | 74041cfe-3f87-1d17-79ec-34ca5f895542 | Produce complete records of remote maintenance activities | CMA_C1403 - Produce complete records of remote maintenance activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 449ebb52-945b-36e5-3446-af6f33770f8f | Update the security authorization | CMA_C1160 - Update the security authorization | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6baae474-434f-2e91-7163-a72df30c4847 | Manage security state of information systems | CMA_C1746 - Manage security state of information systems | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7bdb79ea-16b8-453e-4ca4-ad5b16012414 | Transfer backup information to an alternate storage site | CMA_C1294 - Transfer backup information to an alternate storage site | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 21633c09-804e-7fcd-78e3-635c6bfe2be7 | Provide capability to process customer-controlled audit records | CMA_C1126 - Provide capability to process customer-controlled audit records | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b2ea1058-8998-3dd1-84f1-82132ad482fd | Develop and establish a system security plan | CMA_0151 - Develop and establish a system security plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 069101ac-4578-31da-0cd4-ff083edd3eb4 | Obtain consent prior to collection or processing of personal data | CMA_0385 - Obtain consent prior to collection or processing of personal data | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b | Prohibit unfair practices | CMA_0396 - Prohibit unfair practices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5decc032-95bd-2163-9549-a41aba83228e | Implement formal sanctions process | CMA_0317 - Implement formal sanctions process | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e1379836-3492-6395-451d-2f5062e14136 | Identify and authenticate non-organizational users | CMA_C1346 - Identify and authenticate non-organizational users | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5bac5fb7-7735-357b-767d-02264bfe5c3b | Perform all non-local maintenance | CMA_C1417 - Perform all non-local maintenance | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d9af7f88-686a-5a8b-704b-eafdab278977 | Obtain legal opinion for monitoring system activities | CMA_C1688 - Obtain legal opinion for monitoring system activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a930f477-9dcb-2113-8aa7-45bb6fc90861 | Review and update the events defined in AU-02 | CMA_C1106 - Review and update the events defined in AU-02 | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d18af1ac-0086-4762-6dc8-87cdded90e39 | Perform a privacy impact assessment | CMA_0387 - Perform a privacy impact assessment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3054c74b-9b45-2581-56cf-053a1a716c39 | Accept assessment results | CMA_C1150 - Accept assessment results | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b2d3e5a2-97ab-5497-565a-71172a729d93 | Protect passwords with encryption | CMA_0408 - Protect passwords with encryption | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f3c17714-8ce7-357f-4af2-a0baa63a063f | Make SORNs available publicly | CMA_C1865 - Make SORNs available publicly | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c8aa992d-76b7-7ca0-07b3-31a58d773fa9 | Employ automated training environment | CMA_C1357 - Employ automated training environment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 25a1f840-65d0-900a-43e4-bee253de04de | Define requirements for managing assets | CMA_0125 - Define requirements for managing assets | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9b8b05ec-3d21-215e-5d98-0f7cf0998202 | Provide security awareness training for insider threats | CMA_0417 - Provide security awareness training for insider threats | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 81b6267b-97a7-9aa5-51ee-d2584a160424 | Create separate alternate and primary storage sites | CMA_C1269 - Create separate alternate and primary storage sites | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | dad1887d-161b-7b61-2e4d-5124a7b5724e | Measure the time between flaw identification and flaw remediation | CMA_C1674 - Measure the time between flaw identification and flaw remediation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d | Manage maintenance personnel | CMA_C1421 - Manage maintenance personnel | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d93fe1be-13e4-421d-9c21-3158e2fa2667 | Implement plans of action and milestones for security program process | CMA_C1737 - Implement plans of action and milestones for security program process | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 97f0d974-1486-01e2-2088-b888f46c0589 | Train personnel on disclosure of nonpublic information | CMA_C1084 - Train personnel on disclosure of nonpublic information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f | Employ restrictions on external system interconnections | CMA_C1155 - Employ restrictions on external system interconnections | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 92a7591f-73b3-1173-a09c-a08882d84c70 | Identify actions allowed without authentication | CMA_0295 - Identify actions allowed without authentication | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | afbecd30-37ee-a27b-8e09-6ac49951a0ee | Establish security requirements for the manufacturing of connected devices | CMA_0279 - Establish security requirements for the manufacturing of connected devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2067b904-9552-3259-0cdd-84468e284b7c | Review and update system maintenance policies and procedures | CMA_C1395 - Review and update system maintenance policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 84a01872-5318-049e-061e-d56734183e84 | Distribute information system documentation | CMA_C1584 - Distribute information system documentation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 20762f1e-85fb-31b0-a600-e833633f10fe | Reveal error messages | CMA_C1725 - Reveal error messages | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ee67c031-57fc-53d0-0cca-96c4c04345e8 | Document and distribute a privacy policy | CMA_0188 - Document and distribute a privacy policy | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 509552f5-6528-3540-7959-fbeae4832533 | Enforce rules of behavior and access agreements | CMA_0248 - Enforce rules of behavior and access agreements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a8f9c283-9a66-3eb3-9e10-bdba95b85884 | Run simulation attacks | CMA_0486 - Run simulation attacks | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 22c16ae4-19d0-29cb-422f-cb44061180ee | Disable user accounts posing a significant risk | CMA_C1026 - Disable user accounts posing a significant risk | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 676c3c35-3c36-612c-9523-36d266a65000 | Require developers to provide training | CMA_C1611 - Require developers to provide training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b53aa659-513e-032c-52e6-1ce0ba46582f | Configure actions for noncompliant devices | CMA_0062 - Configure actions for noncompliant devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c2eabc28-1e5c-78a2-a712-7cc176c44c07 | Implement a penetration testing methodology | CMA_0306 - Implement a penetration testing methodology | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 94c842e3-8098-38f9-6d3f-8872b790527d | Remove or redact any PII | CMA_C1833 - Remove or redact any PII | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c0559109-6a27-a217-6821-5a6d44f92897 | Maintain integrity of audit system | CMA_C1133 - Maintain integrity of audit system | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b33d61c1-7463-7025-0ec0-a47585b59147 | Require developers to manage change integrity | CMA_C1595 - Require developers to manage change integrity | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8aec4343-9153-9641-172c-defb201f56b3 | Review cloud identity report overview | CMA_0468 - Review cloud identity report overview | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0123edae-3567-a05a-9b05-b53ebe9d3e7e | View and configure system diagnostic data | CMA_0544 - View and configure system diagnostic data | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 | Terminate customer controlled account credentials | CMA_C1022 - Terminate customer controlled account credentials | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2927e340-60e4-43ad-6b5f-7a1468232cc2 | Configure detection whitelist | CMA_0068 - Configure detection whitelist | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 058e9719-1ff9-3653-4230-23f76b6492e0 | Enforce security configuration settings | CMA_0249 - Enforce security configuration settings | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 098a7b84-1031-66d8-4e78-bd15b5fd2efb | Provide privacy notice | CMA_0414 - Provide privacy notice | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4e45863d-9ea9-32b4-a204-2680bc6007a6 | Require external service providers to comply with security requirements | CMA_C1586 - Require external service providers to comply with security requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2f67e567-03db-9d1f-67dc-b6ffb91312f4 | Determine auditable events | CMA_0137 - Determine auditable events | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a465e8e9-0095-85cb-a05f-1dd4960d02af | Document security documentation requirements in acquisition contract | CMA_0200 - Document security documentation requirements in acquisition contract | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c7d57a6a-7cc2-66c0-299f-83bf90558f5d | Enforce random unique session identifiers | CMA_0247 - Enforce random unique session identifiers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6122970b-8d4a-7811-0278-4c6c68f61e4f | Restrict media use | CMA_0450 - Restrict media use | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 | Update antivirus definitions | CMA_0517 - Update antivirus definitions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b5a4be05-3997-1731-3260-98be653610f6 | Perform disposition review | CMA_0391 - Perform disposition review | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6abdf7c7-362b-3f35-099e-533ed50988f9 | Assign information security representative to change control | CMA_C1198 - Assign information security representative to change control | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d4e6a629-28eb-79a9-000b-88030e4823ca | Coordinate with external organizations to achieve cross org perspective | CMA_C1368 - Coordinate with external organizations to achieve cross org perspective | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | bd6cbcba-4a2d-507c-53e3-296b5c238a8e | Develop and document a business continuity and disaster recovery plan | CMA_0146 - Develop and document a business continuity and disaster recovery plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e | Implement controls to secure alternate work sites | CMA_0315 - Implement controls to secure alternate work sites | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 09960521-759e-5d12-086f-4192a72a5e92 | Protect administrator and user documentation | CMA_C1583 - Protect administrator and user documentation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e9c60c37-65b0-2d72-6c3c-af66036203ae | Review and update contingency planning policies and procedures | CMA_C1243 - Review and update contingency planning policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | fe2dff43-0a8c-95df-0432-cb1c794b17d0 | Notify users of system logon or access | CMA_0382 - Notify users of system logon or access | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3545c827-26ee-282d-4629-23952a12008b | Conduct incident response testing | CMA_0060 - Conduct incident response testing | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e435f7e3-0dd9-58c9-451f-9b44b96c0232 | Implement controls to secure all media | CMA_0314 - Implement controls to secure all media | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3ae68d9a-5696-8c32-62d3-c6f9c52e437c | Refresh authenticators | CMA_0425 - Refresh authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 623b5f0a-8cbd-03a6-4892-201d27302f0c | Define information system account types | CMA_0121 - Define information system account types | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 37b0045b-3887-367b-8b4d-b9a6fa911bb9 | Assess information security events | CMA_0013 - Assess information security events | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 | Integrate cloud app security with a siem | CMA_0340 - Integrate cloud app security with a siem | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7ded6497-815d-6506-242b-e043e0273928 | Plan for resumption of essential business functions | CMA_C1253 - Plan for resumption of essential business functions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 | Employ flow control mechanisms of encrypted information | CMA_0211 - Employ flow control mechanisms of encrypted information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8c255136-994b-9616-79f5-ae87810e0dcf | Enable network protection | CMA_0238 - Enable network protection | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1cb7bf71-841c-4741-438a-67c65fdd7194 | Provide security training for new users | CMA_0419 - Provide security training for new users | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 | Review and update personnel security policies and procedures | CMA_C1507 - Review and update personnel security policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | bd4dc286-2f30-5b95-777c-681f3a7913d3 | Establish and document change control processes | CMA_0265 - Establish and document change control processes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 433de59e-7a53-a766-02c2-f80f8421469a | Implement incident handling | CMA_0318 - Implement incident handling | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 06f84330-4c27-21f7-72cd-7488afd50244 | Implement privacy notice delivery methods | CMA_0324 - Implement privacy notice delivery methods | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 | Require developers to describe accurate security functionality | CMA_C1613 - Require developers to describe accurate security functionality | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 57927290-8000-59bf-3776-90c468ac5b4b | Document security functional requirements in acquisition contracts | CMA_0201 - Document security functional requirements in acquisition contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 526ed90e-890f-69e7-0386-ba5c0f1f784f | Establish and document a configuration management plan | CMA_0264 - Establish and document a configuration management plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 62fa14f0-4cbe-762d-5469-0899a99b98aa | Explicitly notify use of collaborative computing devices | CMA_C1649 - Explicitly notify use of collaborative computing devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 60ee1260-97f0-61bb-8155-5d8b75743655 | Separate duties of individuals | CMA_0492 - Separate duties of individuals | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 291f20d4-8d93-1d73-89f3-6ce28b825563 | Authorize, monitor, and control usage of mobile code technologies | CMA_C1653 - Authorize, monitor, and control usage of mobile code technologies | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 | Assess risk in third party relationships | CMA_0014 - Assess risk in third party relationships | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 34d38ea7-6754-1838-7031-d7fd07099821 | Manage system and admin accounts | CMA_0368 - Manage system and admin accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 | Notify personnel of any failed security verification tests | CMA_C1710 - Notify personnel of any failed security verification tests | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b1666a13-8f67-9c47-155e-69e027ff6823 | Enforce mandatory and discretionary access control policies | CMA_0246 - Enforce mandatory and discretionary access control policies | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5e4e9685-3818-5934-0071-2620c4fa2ca5 | Retain previous versions of baseline configs | CMA_C1181 - Retain previous versions of baseline configs | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 279052a0-8238-694d-9661-bf649f951747 | Identify contaminated systems and components | CMA_0300 - Identify contaminated systems and components | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 | Notify when account is not needed | CMA_0383 - Notify when account is not needed | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 27965e62-141f-8cca-426f-d09514ee5216 | Establish and maintain an asset inventory | CMA_0266 - Establish and maintain an asset inventory | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8b1da407-5e60-5037-612e-2caa1b590719 | Record disclosures of PII to third parties | CMA_0422 - Record disclosures of PII to third parties | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 14a4fd0a-9100-1e12-1362-792014a28155 | Update contingency plan | CMA_C1248 - Update contingency plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 | Ensure security categorization is approved | CMA_C1540 - Ensure security categorization is approved | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c5784049-959f-6067-420c-f4cefae93076 | Coordinate contingency plans with related plans | CMA_0086 - Coordinate contingency plans with related plans | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 834b7a4a-83ab-2188-1a26-9c5033d8173b | Incorporate security and data privacy practices in research processing | CMA_0331 - Incorporate security and data privacy practices in research processing | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ca748dfe-3e28-1d18-4221-89aea30aa0a5 | Identify status of individual users | CMA_C1316 - Identify status of individual users | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c7fddb0e-3f44-8635-2b35-dc6b8e740b7c | Identify and manage downstream information exchanges | CMA_0298 - Identify and manage downstream information exchanges | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 | Discover any indicators of compromise | CMA_C1702 - Discover any indicators of compromise | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | ba78efc6-795c-64f4-7a02-91effbd34af9 | Execute actions in response to information spills | CMA_0281 - Execute actions in response to information spills | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f8ded0c6-a668-9371-6bb6-661d58787198 | Monitor third-party provider compliance | CMA_C1533 - Monitor third-party provider compliance | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7d10debd-4775-85a7-1a41-7e128e0e8c50 | Automate process to prohibit implementation of unapproved changes | CMA_C1194 - Automate process to prohibit implementation of unapproved changes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | dd6d00a8-701a-5935-a22b-c7b9c0c698b2 | Isolate SecurID systems, Security Incident Management systems | CMA_C1636 - Isolate SecurID systems, Security Incident Management systems | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | db580551-0b3c-4ea1-8a4c-4cdb5feb340f | Provide the logout capability | CMA_C1055 - Provide the logout capability | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2f204e72-1896-3bf8-75c9-9128b8683a36 | Reissue authenticators for changed groups and accounts | CMA_0426 - Reissue authenticators for changed groups and accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e | Implement methods for consumer requests | CMA_0319 - Implement methods for consumer requests | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 95eb7d09-9937-5df9-11d9-20317e3f60df | Provide formal notice to individuals | CMA_C1864 - Provide formal notice to individuals | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7380631c-5bf5-0e3a-4509-0873becd8a63 | Establish a configuration control board | CMA_0254 - Establish a configuration control board | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9150259b-617b-596d-3bf5-5ca3fce20335 | Establish policies for supply chain risk management | CMA_0275 - Establish policies for supply chain risk management | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 | Manage the input, output, processing, and storage of data | CMA_0369 - Manage the input, output, processing, and storage of data | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 | Generate error messages | CMA_C1724 - Generate error messages | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 171e377b-5224-4a97-1eaa-62a3b5231dac | Generate internal security alerts | CMA_C1704 - Generate internal security alerts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 21832235-7a07-61f4-530d-d596f76e5b95 | Implement security testing, training, and monitoring plans | CMA_C1753 - Implement security testing, training, and monitoring plans | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 93fa357f-2e38-22a9-5138-8cc5124e1923 | Categorize information | CMA_0052 - Categorize information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d91558ce-5a5c-551b-8fbb-83f793255e09 | Route traffic through authenticated proxy network | CMA_C1633 - Route traffic through authenticated proxy network | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | cf79f602-1e60-5423-6c0c-e632c2ea1fc0 | Implement controls to protect PII | CMA_C1839 - Implement controls to protect PII | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3af53f59-979f-24a8-540f-d7cdbc366607 | Require users to sign access agreement | CMA_0440 - Require users to sign access agreement | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b269a749-705e-8bff-055a-147744675cdf | Conduct backup of information system documentation | CMA_C1289 - Conduct backup of information system documentation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 83dfb2b8-678b-20a0-4c44-5c75ada023e6 | Document mobility training | CMA_0191 - Document mobility training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4ac81669-00e2-9790-8648-71bc11bc91eb | Manage the transportation of assets | CMA_0370 - Manage the transportation of assets | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7a114735-a420-057d-a651-9a73cd0416ef | Require developers to provide unified security protection approach | CMA_C1614 - Require developers to provide unified security protection approach | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c148208b-1a6f-a4ac-7abc-23b1d41121b1 | Document the information system environment in acquisition contracts | CMA_0205 - Document the information system environment in acquisition contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7d7a8356-5c34-9a95-3118-1424cfaf192a | Adopt biometric authentication mechanisms | CMA_0005 - Adopt biometric authentication mechanisms | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b7897ddc-9716-2460-96f7-7757ad038cc4 | Assign risk designations | CMA_0016 - Assign risk designations | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3eabed6d-1912-2d3c-858b-f438d08d0412 | Ensure external providers consistently meet interests of the customers | CMA_C1592 - Ensure external providers consistently meet interests of the customers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b11697e8-9515-16f1-7a35-477d5c8a1344 | Protect data in transit using encryption | CMA_0403 - Protect data in transit using encryption | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f131c8c5-a54a-4888-1efc-158928924bc1 | Require developers to build security architecture | CMA_C1612 - Require developers to build security architecture | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d4f70530-19a2-2a85-6e0c-0c3c465e3325 | Make accounting of disclosures available upon request | CMA_C1820 - Make accounting of disclosures available upon request | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 67ada943-8539-083d-35d0-7af648974125 | Determine supplier contract obligations | CMA_0140 - Determine supplier contract obligations | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | afd5d60a-48d2-8073-1ec2-6687e22f2ddd | Require notification of third-party personnel transfer or termination | CMA_C1532 - Require notification of third-party personnel transfer or termination | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 214ea241-010d-8926-44cc-b90a96d52adc | Compile Audit records into system wide audit | CMA_C1140 - Compile Audit records into system wide audit | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 | Control information flow | CMA_0079 - Control information flow | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f26af0b1-65b6-689a-a03f-352ad2d00f98 | Audit privileged functions | CMA_0019 - Audit privileged functions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3ad7f0bc-3d03-0585-4d24-529779bb02c2 | Maintain availability of information | CMA_C1644 - Maintain availability of information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e4b00788-7e1c-33ec-0418-d048508e095b | Implement training for protecting authenticators | CMA_0329 - Implement training for protecting authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | fad161f5-5261-401a-22dd-e037bae011bd | Review threat protection status weekly | CMA_0479 - Review threat protection status weekly | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 516be556-1353-080d-2c2f-f46f000d5785 | Provide periodic security awareness training | CMA_C1091 - Provide periodic security awareness training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 678ca228-042d-6d8e-a598-c58d5670437d | Prohibit remote activation of collaborative computing devices | CMA_C1648 - Prohibit remote activation of collaborative computing devices | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 | Provide periodic role-based security training | CMA_C1095 - Provide periodic role-based security training | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | eff6e4a5-3efe-94dd-2ed1-25d56a019a82 | Distribute policies and procedures | CMA_0185 - Distribute policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 | Establish terms and conditions for processing resources | CMA_C1077 - Establish terms and conditions for processing resources | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3d492600-27ba-62cc-a1c3-66eb919f6a0d | Document remote access guidelines | CMA_0196 - Document remote access guidelines | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 27ce30dd-3d56-8b54-6144-e26d9a37a541 | Ensure audit records are not altered | CMA_C1125 - Ensure audit records are not altered | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2af4640d-11a6-a64b-5ceb-a468f4341c0c | Define and enforce inactivity log policy | CMA_C1017 - Define and enforce inactivity log policy | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6228396e-2ace-7ca5-3247-45767dbf52f4 | Notify personnel upon sanctions | CMA_0380 - Notify personnel upon sanctions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 20012034-96f0-85c2-4a86-1ae1eb457802 | Review and update risk assessment policies and procedures | CMA_C1537 - Review and update risk assessment policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 055da733-55c6-9e10-8194-c40731057ec4 | Develop and maintain a vulnerability management standard | CMA_0152 - Develop and maintain a vulnerability management standard | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | d200f199-69f4-95a6-90b0-37ff0cf1040c | Provide the capability to extend or limit auditing on customer-deployed resources | CMA_C1141 - Provide the capability to extend or limit auditing on customer-deployed resources | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1fb1cb0e-1936-6f32-42fd-89970b535855 | Manage nonlocal maintenance and diagnostic activities | CMA_0364 - Manage nonlocal maintenance and diagnostic activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 245fe58b-96f8-9f1e-48c5-7f49903f66fd | Establish alternate storage site that facilitates recovery operations | CMA_C1270 - Establish alternate storage site that facilitates recovery operations | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f7eb1d0b-6d4f-2d59-1591-7563e11a9313 | Define and enforce conditions for shared and group accounts | CMA_0117 - Define and enforce conditions for shared and group accounts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 979ed3b6-83f9-26bc-4b86-5b05464700bf | Modify access authorizations upon personnel transfer | CMA_0374 - Modify access authorizations upon personnel transfer | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 271a3e58-1b38-933d-74c9-a580006b80aa | Document personnel acceptance of privacy requirements | CMA_0193 - Document personnel acceptance of privacy requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c246d146-82b0-301f-32e7-1065dcd248b7 | Review changes for any unauthorized changes | CMA_C1204 - Review changes for any unauthorized changes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8b1f29eb-1b22-4217-5337-9207cb55231e | Perform information input validation | CMA_C1723 - Perform information input validation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e23444b9-9662-40f3-289e-6d25c02b48fa | Review label activity and analytics | CMA_0474 - Review label activity and analytics | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 12af7c7a-92af-9e96-0d0c-5e732d1a3751 | Ensure information system fails in known state | CMA_C1662 - Ensure information system fails in known state | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | c42f19c9-5d88-92da-0742-371a0ea03126 | Clear personnel with access to classified information | CMA_0054 - Clear personnel with access to classified information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a90c4d44-7fac-8e02-6d5b-0d92046b20e6 | Automate flaw remediation | CMA_0027 - Automate flaw remediation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1a2a03a4-9992-5788-5953-d8f6615306de | Govern policies and procedures | CMA_0292 - Govern policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 874a6f2e-2098-53bc-3a16-20dcdc425a7e | Create configuration plan protection | CMA_C1233 - Create configuration plan protection | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | bfc540fe-376c-2eef-4355-121312fa4437 | Maintain separate execution domains for running processes | CMA_C1665 - Maintain separate execution domains for running processes | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 | Adhere to retention periods defined | CMA_0004 - Adhere to retention periods defined | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | e54901fe-42c2-7f3b-3c5f-327aa5320a69 | Automate information sharing decisions | CMA_0028 - Automate information sharing decisions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Monitoring | d4b065e2-fbda-4461-a42c-b0346aeb12a0 | The legacy Log Analytics extension should not be installed on Linux virtual machines | Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Linux virtual machines. Learn more: https://aka.ms/migratetoAMA | Default Audit Allowed Deny, Audit, Disabled |
add | 2022-09-27 16:35:32 d4b065e2-fbda-4461-a42c-b0346aeb12a0 |
|
| Regulatory Compliance | d25cbded-121e-0ed6-1857-dc698c9095b1 | Take action in response to customer information | CMA_C1554 - Take action in response to customer information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4aacaec9-0628-272c-3e83-0d68446694e0 | Manage Authenticators | CMA_C1321 - Manage Authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 | Manage symmetric cryptographic keys | CMA_0367 - Manage symmetric cryptographic keys | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b8dad106-6444-5f55-307e-1e1cc9723e39 | Ensure cryptographic mechanisms are under configuration management | CMA_C1199 - Ensure cryptographic mechanisms are under configuration management | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 5023a9e7-8e64-2db6-31dc-7bce27f796af | Provide privacy notice to the public and to individuals | CMA_C1861 - Provide privacy notice to the public and to individuals | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 2b4e134f-1e4c-2bff-573e-082d85479b6e | Develop an incident response plan | CMA_0145 - Develop an incident response plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 50e81644-923d-33fc-6ebb-9733bc8d1a06 | Perform a trend analysis on threats | CMA_0389 - Perform a trend analysis on threats | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | be1c34ab-295a-07a6-785c-36f63c1d223e | Obtain user security function documentation | CMA_C1581 - Obtain user security function documentation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 41172402-8d73-64c7-0921-909083c086b0 | Not allow for information systems to accompany with individuals | CMA_C1182 - Not allow for information systems to accompany with individuals | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | f27a298f-9443-014a-0d40-fef12adf0259 | Review administrator assignments weekly | CMA_0461 - Review administrator assignments weekly | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | cb8841d4-9d13-7292-1d06-ba4d68384681 | Perform a business impact assessment and application criticality assessment | CMA_0386 - Perform a business impact assessment and application criticality assessment | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 7a0ecd94-3699-5273-76a5-edb8499f655a | Determine assertion requirements | CMA_0136 - Determine assertion requirements | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 | Undergo independent security review | CMA_0515 - Undergo independent security review | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 | Create alternative actions for identified anomalies | CMA_C1711 - Create alternative actions for identified anomalies | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 13efd2d7-3980-a2a4-39d0-527180c009e8 | Document security assurance requirements in acquisition contracts | CMA_0199 - Document security assurance requirements in acquisition contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0065241c-72e9-3b2c-556f-75de66332a94 | Establish parameters for searching secret authenticators and verifiers | CMA_0274 - Establish parameters for searching secret authenticators and verifiers | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8e920169-739d-40b5-3f99-c4d855327bb2 | Prohibit binary/machine-executable code | CMA_C1717 - Prohibit binary/machine-executable code | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | eb1c944e-0e94-647b-9b7e-fdb8d2af0838 | Review user groups and applications with access to sensitive data | CMA_0481 - Review user groups and applications with access to sensitive data | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 59f7feff-02aa-6539-2cf7-bea75b762140 | Develop access control policies and procedures | CMA_0144 - Develop access control policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | cc057769-01d9-95ad-a36f-1e62a7f9540b | Update POA&M items | CMA_C1157 - Update POA&M items | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 34aac8b2-488a-2b96-7280-5b9b481a317a | Incorporate flaw remediation into configuration management | CMA_C1671 - Incorporate flaw remediation into configuration management | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 333b4ada-4a02-0648-3d4d-d812974f1bb2 | Govern and monitor audit processing activities | CMA_0289 - Govern and monitor audit processing activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 611ebc63-8600-50b6-a0e3-fef272457132 | Employ independent team for penetration testing | CMA_C1171 - Employ independent team for penetration testing | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 6bededc0-2985-54d5-4158-eb8bad8070a0 | Review and update information integrity policies and procedures | CMA_C1667 - Review and update information integrity policies and procedures | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 178c8b7e-1b6e-4289-44dd-2f1526b678a1 | Ensure alternate storage site safeguards are equivalent to primary site | CMA_C1268 - Ensure alternate storage site safeguards are equivalent to primary site | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b6b32f80-a133-7600-301e-398d688e7e0c | Evaluate and review PII holdings regularly | CMA_C1832 - Evaluate and review PII holdings regularly | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b262e1dd-08e9-41d4-963a-258909ad794b | Implement managed interface for each external service | CMA_C1626 - Implement managed interface for each external service | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb | Document customer-defined actions | CMA_C1582 - Document customer-defined actions | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | dd2523d5-2db3-642b-a1cf-83ac973b32c2 | Establish benchmarks for flaw remediation | CMA_C1675 - Establish benchmarks for flaw remediation | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 8019d788-713d-90a1-5570-dac5052f517d | Train staff on PII sharing and its consequences | CMA_C1871 - Train staff on PII sharing and its consequences | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 04837a26-2601-1982-3da7-bf463e6408f4 | Develop configuration management plan | CMA_C1232 - Develop configuration management plan | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | aa892c0d-2c40-200c-0dd8-eac8c4748ede | Employ automatic emergency lighting | CMA_0209 - Employ automatic emergency lighting | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 97d91b33-7050-237b-3e23-a77d57d84e13 | Issue public key certificates | CMA_0347 - Issue public key certificates | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 16c54e01-9e65-7524-7c33-beda48a75779 | Produce, control and distribute symmetric cryptographic keys | CMA_C1645 - Produce, control and distribute symmetric cryptographic keys | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 98145a9b-428a-7e81-9d14-ebb154a24f93 | View and investigate restricted users | CMA_0545 - View and investigate restricted users | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 | Ensure authorized users protect provided authenticators | CMA_C1339 - Ensure authorized users protect provided authenticators | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 52375c01-4d4c-7acc-3aa4-5b3d53a047ec | Define the duties of processors | CMA_0127 - Define the duties of processors | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Security Center | 57c2e3f0-98cf-4c3b-aa6b-e8f70726e74e | [Preview]: Configure supported Linux virtual machine scale sets to automatically install the Guest Attestation extension | Configure supported Linux virtual machines scale sets to automatically install the Guest Attestation extension to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-27 16:35:32 Major, suffix remains equal (5.0.0-preview > 6.0.0-preview) |
| Regulatory Compliance | e750ca06-1824-464a-2cf3-d0fa754d1cb4 | Establish a secure software development program | CMA_0259 - Establish a secure software development program | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 | Keep SORNs updated | CMA_C1863 - Keep SORNs updated | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | a315c657-4a00-8eba-15ac-44692ad24423 | Protect special information | CMA_0409 - Protect special information | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4e400494-53a5-5147-6f4d-718b539c7394 | Manage compliance activities | CMA_0358 - Manage compliance activities | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 | Use dedicated machines for administrative tasks | CMA_0527 - Use dedicated machines for administrative tasks | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 77acc53d-0f67-6e06-7d04-5750653d4629 | Document the protection of cardholder data in third party contracts | CMA_0207 - Document the protection of cardholder data in third party contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 | Document requirements for the use of shared data in contracts | CMA_0197 - Document requirements for the use of shared data in contracts | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 4781e5fd-76b8-7d34-6df3-a0a7fca47665 | Prevent identifier reuse for the defined time period | CMA_C1314 - Prevent identifier reuse for the defined time period | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Regulatory Compliance | 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 | Implement cryptographic mechanisms | CMA_C1419 - Implement cryptographic mechanisms | Default Manual Allowed Manual, Disabled |
change | 2022-09-27 16:35:32 Minor (1.0.0 > 1.1.0) |
|
| Storage | 2fb86bf3-d221-43d1-96d1-2434af34eaa0 | Configure diagnostic settings for Table Services to Log Analytics workspace | Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any table Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-23 16:35:49 Major (2.0.0 > 3.0.0) |
| Storage | b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb | Configure diagnostic settings for Blob Services to Log Analytics workspace | Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-23 16:35:49 Major (2.0.0 > 3.0.0) |
| Storage | 7bd000e3-37c7-4928-9f31-86c4b77c5c45 | Configure diagnostic settings for Queue Services to Log Analytics workspace | Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any queue Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-23 16:35:49 Major (2.0.0 > 3.0.0) |
| Network | 711c24bb-7f18-4578-b192-81a6161e1f17 | Azure Firewall Premium should configure a valid intermediate certificate to enable TLS inspection | Configure a valid intermediate certificate and enable Azure Firewall Premium TLS inspection to detect, alert, and mitigate malicious activity in HTTPS. To learn more about TLS inspection with Azure Firewall, visit https://aka.ms/fw-tlsinspect | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-09-23 16:35:49 711c24bb-7f18-4578-b192-81a6161e1f17 |
|
| Monitoring | d2185817-5b7e-473c-aadd-9de6ac114280 | The legacy Log Analytics extension should not be installed on virtual machines | Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Windows virtual machines. Learn more: https://aka.ms/migratetoAMA | Default Audit Allowed Deny, Audit, Disabled |
add | 2022-09-23 16:35:49 d2185817-5b7e-473c-aadd-9de6ac114280 |
|
| Security Center | 10caed8a-652c-4d1d-84e4-2805b7c07278 | [Preview]: Configure ChangeTracking Extension for Linux Arc machines | Configure Linux Arc machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-09-23 16:35:49 Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview) |
| Monitoring | df441472-4dae-4e4e-87b9-9205ba46be16 | The legacy Log Analytics extension should not be installed on Azure Arc enabled Windows servers | Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Azure Arc enabled Windows servers. Learn more: https://aka.ms/migratetoAMA | Default Audit Allowed Deny, Audit, Disabled |
add | 2022-09-23 16:35:49 df441472-4dae-4e4e-87b9-9205ba46be16 |
|
| Network | 6484db87-a62d-4327-9f07-80a2cbdf333a | Firewall Policy Premium should enable the Intrusion Detection and Prevention System (IDPS) | Enabling the Intrusion Detection and Prevention System (IDPS) allows you to monitor your network for malicious activity, log information about this activity, report it, and optionally attempt to block it. To learn more about the Intrusion Detection and Prevention System (IDPS) with Azure Firewall Premium, visit https://aka.ms/fw-idps | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-09-23 16:35:49 6484db87-a62d-4327-9f07-80a2cbdf333a |
|
| Network | f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf | Subscription should configure the Azure Firewall Premium to provide additional layer of protection | Azure Firewall Premium provides advanced threat protection that meets the needs of highly sensitive and regulated environments. Deploy Azure Firewall Premium to your subscription and make sure all the service traffic are protected by Azure Firewall Premium. To learn more about Azure Firewall Premium, visit https://aka.ms/fw-premium | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-23 16:35:49 f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf |
|
| Network | 632d3993-e2c0-44ea-a7db-2eca131f356d | Web Application Firewall (WAF) should enable all firewall rules for Application Gateway | Enabling all Web Application Firewall (WAF) rules strengthens your application security and protects your web applications against common vulnerabilities. To learn more about Web Application Firewall (WAF) with Application Gateway, visit https://aka.ms/waf-ag | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-23 16:35:49 Patch (1.0.0 > 1.0.1) |
|
| Network | f516dc7a-4543-4d40-aad6-98f76a706b50 | Bypass list of Intrusion Detection and Prevention System (IDPS) should be empty in Firewall Policy Premium | Intrusion Detection and Prevention System (IDPS) Bypass List allows you to not filter traffic to any of the IP addresses, ranges, and subnets specified in the bypass list. However, enabling IDPS is recommanded for all traffic flows to better identify known threats. To learn more about the Intrusion Detection and Prevention System (IDPS) signatures with Azure Firewall Premium, visit https://aka.ms/fw-idps-signature | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-09-23 16:35:49 f516dc7a-4543-4d40-aad6-98f76a706b50 |
|
| Security Center | 1288c8d7-4b05-4e3a-bc88-9053caefc021 | [Preview]: Configure ChangeTracking Extension for Linux virtual machine scale sets | Configure Linux virtual machine scale sets to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-23 16:35:49 Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview) |
| Security Center | 4bb303db-d051-4099-95d2-e3e1428a4cd5 | [Preview]: Configure ChangeTracking Extension for Windows Arc machines | Configure Windows Arc machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-09-23 16:35:49 Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview) |
| Storage | 25a70cc8-2bd4-47f1-90b6-1478e4662c96 | Configure diagnostic settings for File Services to Log Analytics workspace | Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-23 16:35:49 Major (2.0.0 > 3.0.0) |
| Security Center | ec88097d-843f-4a92-8471-78016d337ba4 | [Preview]: Configure ChangeTracking Extension for Linux virtual machines | Configure Linux virtual machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-23 16:35:49 Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview) |
| Security Center | f08f556c-12ff-464d-a7de-40cb5b6cccec | [Preview]: Configure ChangeTracking Extension for Windows virtual machines | Configure Windows virtual machines to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-23 16:35:49 Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview) |
| Security Center | 4bb303db-d051-4099-95d2-e3e1428a4d2c | [Preview]: Configure ChangeTracking Extension for Windows virtual machine scale sets | Configure Windows virtual machine scale sets to automatically install the ChangeTracking Extension to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitor Agent. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-23 16:35:49 Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview) |
| Storage | 59759c62-9a22-4cdf-ae64-074495983fef | Configure diagnostic settings for Storage Accounts to Log Analytics workspace | Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-23 16:35:49 Major (2.0.0 > 3.0.0) |
| Storage | 8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 | Storage accounts should prevent shared key access | Audit requirement of Azure Active Directory (Azure AD) to authorize requests for your storage account. By default, requests can be authorized with either Azure Active Directory credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key, and is recommended by Microsoft. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-23 16:35:49 Major (1.0.0 > 2.0.0) |
|
| Security Center | 9297c21d-2ed6-4474-b48f-163f75654ce3 | MFA should be enabled for accounts with write permissions on your subscription | Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-23 16:35:49 Patch (3.0.0 > 3.0.1) |
|
| Monitoring | ba6881f9-ab93-498b-8bad-bb91b1d755bf | The legacy Log Analytics extension should not be installed on virtual machine scale sets | Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent extension on Windows virtual machine scale sets. Learn more: https://aka.ms/migratetoAMA | Default Audit Allowed Deny, Audit, Disabled |
add | 2022-09-23 16:35:49 ba6881f9-ab93-498b-8bad-bb91b1d755bf |
|
| Guest Configuration | 357cbd2d-b5c0-4c73-b40c-6bd84f06ce09 | [Preview]: Configure Windows Server to disable local users. | Creates a Guest Configuration assignment to configure disabling local users on Windows Server. This ensures that Windows Servers can only be accessed by AAD (Azure Active Directory) account or a list of explicitly allowed users by this policy, improving overall security posture. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Guest Configuration Resource Contributor |
add | 2022-09-23 16:35:49 357cbd2d-b5c0-4c73-b40c-6bd84f06ce09 |
| Network | 610b6183-5f00-4d68-86d2-4ab4cb3a67a5 | Firewall Policy Premium should enable all IDPS signature rules to monitor all inbound and outbound traffic flows | Enabling all Intrusion Detection and Prevention System (IDPS) signature rules is recommanded to better identify known threats in the traffic flows. To learn more about the Intrusion Detection and Prevention System (IDPS) signatures with Azure Firewall Premium, visit https://aka.ms/fw-idps-signature | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-09-23 16:35:49 610b6183-5f00-4d68-86d2-4ab4cb3a67a5 |
|
| Regulatory Compliance | 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 | Incorporate simulated events into incident response training | CMA_C1356 - Incorporate simulated events into incident response training | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 |
|
| Regulatory Compliance | 6f311b49-9b0d-8c67-3d6e-db80ae528173 | Bind authenticators and identities dynamically | CMA_0035 - Bind authenticators and identities dynamically | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 6f311b49-9b0d-8c67-3d6e-db80ae528173 |
|
| Regulatory Compliance | be1c34ab-295a-07a6-785c-36f63c1d223e | Obtain user security function documentation | CMA_C1581 - Obtain user security function documentation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 be1c34ab-295a-07a6-785c-36f63c1d223e |
|
| Regulatory Compliance | 5bac5fb7-7735-357b-767d-02264bfe5c3b | Perform all non-local maintenance | CMA_C1417 - Perform all non-local maintenance | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 5bac5fb7-7735-357b-767d-02264bfe5c3b |
|
| Regulatory Compliance | 3a868d0c-538f-968b-0191-bddb44da5b75 | Require developers to document approved changes and potential impact | CMA_C1597 - Require developers to document approved changes and potential impact | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3a868d0c-538f-968b-0191-bddb44da5b75 |
|
| Regulatory Compliance | 2d14ff7e-6ff9-838c-0cde-4962ccdb1689 | Employ business case to record the resources required | CMA_C1735 - Employ business case to record the resources required | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 2d14ff7e-6ff9-838c-0cde-4962ccdb1689 |
|
| Regulatory Compliance | e750ca06-1824-464a-2cf3-d0fa754d1cb4 | Establish a secure software development program | CMA_0259 - Establish a secure software development program | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e750ca06-1824-464a-2cf3-d0fa754d1cb4 |
|
| Regulatory Compliance | 70057208-70cc-7b31-3c3a-121af6bc1966 | Secure commitment from leadership | CMA_0489 - Secure commitment from leadership | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 70057208-70cc-7b31-3c3a-121af6bc1966 |
|
| Storage | b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb | Configure diagnostic settings for Blob Services to Log Analytics workspace | Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-19 17:41:40 Major (1.0.0 > 2.0.0) |
| Kubernetes | 1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d | Kubernetes clusters should be accessible only over HTTPS | Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (7.0.0 > 8.0.0) |
|
| Kubernetes | c26596ff-4d70-4e6a-9a30-c2506bd2f80c | Kubernetes cluster containers should only use allowed capabilities | Restrict the capabilities to reduce the attack surface of containers in a Kubernetes cluster. This recommendation is part of CIS 5.2.8 and CIS 5.2.9 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (5.0.1 > 6.0.0) |
|
| Regulatory Compliance | 9c954fcf-6dd8-81f1-41b5-832ae5c62caf | Incorporate simulated contingency training | CMA_C1260 - Incorporate simulated contingency training | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 9c954fcf-6dd8-81f1-41b5-832ae5c62caf |
|
| Regulatory Compliance | bd6cbcba-4a2d-507c-53e3-296b5c238a8e | Develop and document a business continuity and disaster recovery plan | CMA_0146 - Develop and document a business continuity and disaster recovery plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 bd6cbcba-4a2d-507c-53e3-296b5c238a8e |
|
| App Service | cae7c12e-764b-4c87-841a-fdc6675d196f | App Service app slots should not have CORS configured to allow every resource to access your apps | Cross-Origin Resource Sharing (CORS) should not allow all domains to access your app. Allow only required domains to interact with your app. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-19 17:41:40 cae7c12e-764b-4c87-841a-fdc6675d196f |
|
| Regulatory Compliance | 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 | Employ automatic shutdown/restart when violations are detected | CMA_C1715 - Employ automatic shutdown/restart when violations are detected | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 |
|
| Regulatory Compliance | 06af77de-02ca-0f3e-838a-a9420fe466f5 | Establish a discrete line item in budgeting documentation | CMA_C1563 - Establish a discrete line item in budgeting documentation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 06af77de-02ca-0f3e-838a-a9420fe466f5 |
|
| App Service | c285a320-8830-4665-9cc7-bbd05fc7c5c0 | App Service app slots should require FTPS only | Enable FTPS enforcement for enhanced security. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-19 17:41:40 c285a320-8830-4665-9cc7-bbd05fc7c5c0 |
|
| Regulatory Compliance | 3baee3fd-30f5-882c-018c-cc78703a0106 | Employ independent assessors for continuous monitoring | CMA_C1168 - Employ independent assessors for continuous monitoring | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3baee3fd-30f5-882c-018c-cc78703a0106 |
|
| Regulatory Compliance | 874a6f2e-2098-53bc-3a16-20dcdc425a7e | Create configuration plan protection | CMA_C1233 - Create configuration plan protection | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 874a6f2e-2098-53bc-3a16-20dcdc425a7e |
|
| Kubernetes | 82985f06-dc18-4a48-bc1c-b9f4f0098cfe | Kubernetes cluster pods should only use approved host network and port range | Restrict pod access to the host network and the allowable host port range in a Kubernetes cluster. This recommendation is part of CIS 5.2.4 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (5.0.0 > 6.0.0) |
|
| Regulatory Compliance | a4493012-908c-5f48-a468-1e243be884ce | Review security assessment and authorization policies and procedures | CMA_C1143 - Review security assessment and authorization policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 a4493012-908c-5f48-a468-1e243be884ce |
|
| Regulatory Compliance | 5269d7e4-3768-501d-7e46-66c56c15622c | Manage contacts for authorities and special interest groups | CMA_0359 - Manage contacts for authorities and special interest groups | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 5269d7e4-3768-501d-7e46-66c56c15622c |
|
| Regulatory Compliance | b8689b2e-4308-a58b-a0b4-6f3343a000df | Use automated mechanisms for security alerts | CMA_C1707 - Use automated mechanisms for security alerts | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b8689b2e-4308-a58b-a0b4-6f3343a000df |
|
| Regulatory Compliance | 4b8fd5da-609b-33bf-9724-1c946285a14c | Notify Account Managers of customer controlled accounts | CMA_C1009 - Notify Account Managers of customer controlled accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 4b8fd5da-609b-33bf-9724-1c946285a14c |
|
| Regulatory Compliance | 0065241c-72e9-3b2c-556f-75de66332a94 | Establish parameters for searching secret authenticators and verifiers | CMA_0274 - Establish parameters for searching secret authenticators and verifiers | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0065241c-72e9-3b2c-556f-75de66332a94 |
|
| Regulatory Compliance | 33d34fac-56a8-1c0f-0636-3ed94892a709 | Govern the allocation of resources | CMA_0293 - Govern the allocation of resources | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 33d34fac-56a8-1c0f-0636-3ed94892a709 |
|
| Kubernetes | 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 | Kubernetes cluster containers should not share host process ID or host IPC namespace | Block pod containers from sharing the host process ID namespace and host IPC namespace in a Kubernetes cluster. This recommendation is part of CIS 5.2.2 and CIS 5.2.3 which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (4.0.1 > 5.0.0) |
|
| Regulatory Compliance | d25cbded-121e-0ed6-1857-dc698c9095b1 | Take action in response to customer information | CMA_C1554 - Take action in response to customer information | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d25cbded-121e-0ed6-1857-dc698c9095b1 |
|
| Regulatory Compliance | 96333008-988d-4add-549b-92b3a8c42063 | Update privacy plan, policies, and procedures | CMA_C1807 - Update privacy plan, policies, and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 96333008-988d-4add-549b-92b3a8c42063 |
|
| Regulatory Compliance | 60442979-6333-85f0-84c5-b887bac67448 | Evaluate alternate processing site capabilities | CMA_C1266 - Evaluate alternate processing site capabilities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 60442979-6333-85f0-84c5-b887bac67448 |
|
| Regulatory Compliance | 096a7055-30cb-2db4-3fda-41b20ac72667 | Require interconnection security agreements | CMA_C1151 - Require interconnection security agreements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 096a7055-30cb-2db4-3fda-41b20ac72667 |
|
| Regulatory Compliance | edcc36f1-511b-81e0-7125-abee29752fe7 | Manage availability and capacity | CMA_0356 - Manage availability and capacity | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 edcc36f1-511b-81e0-7125-abee29752fe7 |
|
| App Service | 13bcff5d-f0eb-4ce7-913e-83ad6300376b | Function app slots should use an Azure file share for its content directory | The content directory of a Function app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. | Default Audit Allowed Audit, Disabled |
add | 2022-09-19 17:41:40 13bcff5d-f0eb-4ce7-913e-83ad6300376b |
|
| Regulatory Compliance | b262e1dd-08e9-41d4-963a-258909ad794b | Implement managed interface for each external service | CMA_C1626 - Implement managed interface for each external service | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b262e1dd-08e9-41d4-963a-258909ad794b |
|
| Regulatory Compliance | 16c54e01-9e65-7524-7c33-beda48a75779 | Produce, control and distribute symmetric cryptographic keys | CMA_C1645 - Produce, control and distribute symmetric cryptographic keys | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 16c54e01-9e65-7524-7c33-beda48a75779 |
|
| Regulatory Compliance | 82bd024a-5c99-05d6-96ff-01f539676a1a | Monitor security and privacy training completion | CMA_0379 - Monitor security and privacy training completion | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 82bd024a-5c99-05d6-96ff-01f539676a1a |
|
| Regulatory Compliance | ff1efad2-6b09-54cc-01bf-d386c4d558a8 | Secure the interface to external systems | CMA_0491 - Secure the interface to external systems | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ff1efad2-6b09-54cc-01bf-d386c4d558a8 |
|
| Regulatory Compliance | f49925aa-9b11-76ae-10e2-6e973cc60f37 | Review and update system and services acquisition policies and procedures | CMA_C1560 - Review and update system and services acquisition policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f49925aa-9b11-76ae-10e2-6e973cc60f37 |
|
| Kubernetes | d2e7ea85-6b44-4317-a0be-1b951587f626 | Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities | To reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux capabilities. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (4.0.0 > 5.0.0) |
|
| Regulatory Compliance | 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 | Terminate customer controlled account credentials | CMA_C1022 - Terminate customer controlled account credentials | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 |
|
| Regulatory Compliance | b4e19d22-8c0e-7cad-3219-c84c62dc250f | Review and update media protection policies and procedures | CMA_C1427 - Review and update media protection policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b4e19d22-8c0e-7cad-3219-c84c62dc250f |
|
| Regulatory Compliance | 25a1f840-65d0-900a-43e4-bee253de04de | Define requirements for managing assets | CMA_0125 - Define requirements for managing assets | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 25a1f840-65d0-900a-43e4-bee253de04de |
|
| Regulatory Compliance | aa305b4d-8c84-1754-0c74-dec004e66be0 | Develop contingency plan | CMA_C1244 - Develop contingency plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 aa305b4d-8c84-1754-0c74-dec004e66be0 |
|
| Regulatory Compliance | de936662-13dc-204c-75ec-1af80f994088 | Provide contingency training | CMA_0412 - Provide contingency training | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 de936662-13dc-204c-75ec-1af80f994088 |
|
| Regulatory Compliance | e21f91d1-2803-0282-5f2d-26ebc4b170ef | Update organizational access agreements | CMA_0520 - Update organizational access agreements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e21f91d1-2803-0282-5f2d-26ebc4b170ef |
|
| Regulatory Compliance | 2d2ca910-7957-23ee-2945-33f401606efc | Accept only FICAM-approved third-party credentials | CMA_C1348 - Accept only FICAM-approved third-party credentials | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 2d2ca910-7957-23ee-2945-33f401606efc |
|
| Network | 5e1cd26a-5090-4fdb-9d6a-84a90335e22d | Configure network security groups to use specific workspace, storage account and flowlog retention policy for traffic analytics | If it already has traffic analytics enabled, then policy will overwrite its existing settings with the ones provided during policy creation. Traffic analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
change | 2022-09-19 17:41:40 Minor (1.0.1 > 1.1.0) |
| Regulatory Compliance | 464a7d7a-2358-4869-0b49-6d582ca21292 | Ensure capital planning and investment requests include necessary resources | CMA_C1734 - Ensure capital planning and investment requests include necessary resources | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 464a7d7a-2358-4869-0b49-6d582ca21292 |
|
| Kubernetes | a2abc456-f0ae-464b-bd3a-07a3cdbd7fb1 | Kubernetes cluster Windows containers should not overcommit cpu and memory | Windows container resource requests should be less or equal to the resource limit or unspecified to avoid overcommit. If Windows memory is over-provisioned it will process pages in disk - which can slow down performance - instead of terminating the container with out-of-memory | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (1.0.2 > 2.0.0) |
|
| Regulatory Compliance | 08c11b48-8745-034d-1c1b-a144feec73b9 | Restrict use of open source software | CMA_C1237 - Restrict use of open source software | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 08c11b48-8745-034d-1c1b-a144feec73b9 |
|
| Regulatory Compliance | e7589f4e-1e8b-72c2-3692-1e14d7f3699f | Ensure access agreements are signed or resigned timely | CMA_C1528 - Ensure access agreements are signed or resigned timely | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e7589f4e-1e8b-72c2-3692-1e14d7f3699f |
|
| Kubernetes | 098fc59e-46c7-4d99-9b16-64990e543d75 | Kubernetes cluster pod hostPath volumes should only use allowed host paths | Limit pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (5.0.1 > 6.0.0) |
|
| Regulatory Compliance | 22a02c9a-49e4-5dc9-0d14-eb35ad717154 | Obtain design and implementation information for the security controls | CMA_C1576 - Obtain design and implementation information for the security controls | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 22a02c9a-49e4-5dc9-0d14-eb35ad717154 |
|
| Regulatory Compliance | 1fdf0b24-4043-3c55-357e-036985d50b52 | Ensure security safeguards not needed when the individuals return | CMA_C1183 - Ensure security safeguards not needed when the individuals return | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 1fdf0b24-4043-3c55-357e-036985d50b52 |
|
| Regulatory Compliance | 318b2bd9-9c39-9f8b-46a7-048401f33476 | Address coding vulnerabilities | CMA_0003 - Address coding vulnerabilities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 318b2bd9-9c39-9f8b-46a7-048401f33476 |
|
| Regulatory Compliance | 09960521-759e-5d12-086f-4192a72a5e92 | Protect administrator and user documentation | CMA_C1583 - Protect administrator and user documentation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 09960521-759e-5d12-086f-4192a72a5e92 |
|
| Regulatory Compliance | 94c842e3-8098-38f9-6d3f-8872b790527d | Remove or redact any PII | CMA_C1833 - Remove or redact any PII | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 94c842e3-8098-38f9-6d3f-8872b790527d |
|
| App Service | dcbc65aa-59f3-4239-8978-3bb869d82604 | App Service apps should use an Azure file share for its content directory | The content directory of an app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. | Default Audit Allowed Audit, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | e54901fe-42c2-7f3b-3c5f-327aa5320a69 | Automate information sharing decisions | CMA_0028 - Automate information sharing decisions | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e54901fe-42c2-7f3b-3c5f-327aa5320a69 |
|
| Regulatory Compliance | 6bededc0-2985-54d5-4158-eb8bad8070a0 | Review and update information integrity policies and procedures | CMA_C1667 - Review and update information integrity policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 6bededc0-2985-54d5-4158-eb8bad8070a0 |
|
| Regulatory Compliance | 8e920169-739d-40b5-3f99-c4d855327bb2 | Prohibit binary/machine-executable code | CMA_C1717 - Prohibit binary/machine-executable code | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 8e920169-739d-40b5-3f99-c4d855327bb2 |
|
| Regulatory Compliance | 20012034-96f0-85c2-4a86-1ae1eb457802 | Review and update risk assessment policies and procedures | CMA_C1537 - Review and update risk assessment policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 20012034-96f0-85c2-4a86-1ae1eb457802 |
|
| Regulatory Compliance | f801d58e-5659-9a4a-6e8d-02c9334732e5 | Restore resources to operational state | CMA_C1297 - Restore resources to operational state | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f801d58e-5659-9a4a-6e8d-02c9334732e5 |
|
| Regulatory Compliance | ca6d7878-3189-1833-4620-6c7254ed1607 | Obtain continuous monitoring plan for security controls | CMA_C1577 - Obtain continuous monitoring plan for security controls | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ca6d7878-3189-1833-4620-6c7254ed1607 |
|
| Regulatory Compliance | 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c | Identify individuals with security roles and responsibilities | CMA_C1566 - Identify individuals with security roles and responsibilities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c |
|
| Kubernetes | 975ce327-682c-4f2e-aa46-b9598289b86c | Kubernetes cluster containers should only use allowed seccomp profiles | Pod containers can only use allowed seccomp profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (5.0.1 > 7.0.0) |
|
| Regulatory Compliance | 12af7c7a-92af-9e96-0d0c-5e732d1a3751 | Ensure information system fails in known state | CMA_C1662 - Ensure information system fails in known state | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 12af7c7a-92af-9e96-0d0c-5e732d1a3751 |
|
| Regulatory Compliance | 3eecf628-a1c8-1b48-1b5c-7ca781e97970 | Specify permitted actions associated with customer audit information | CMA_C1122 - Specify permitted actions associated with customer audit information | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3eecf628-a1c8-1b48-1b5c-7ca781e97970 |
|
| App Service | 72d04c29-f87d-4575-9731-419ff16a2757 | App Service apps should be injected into a virtual network | Injecting App Service Apps in a virtual network unlocks advanced App Service networking and security features and provides you with greater control over your network security configuration. Learn more at: https://docs.microsoft.com/azure/app-service/web-sites-integrate-with-vnet. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | 84a01872-5318-049e-061e-d56734183e84 | Distribute information system documentation | CMA_C1584 - Distribute information system documentation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 84a01872-5318-049e-061e-d56734183e84 |
|
| Regulatory Compliance | c6fe3856-4635-36b6-983c-070da12a953b | Implement the risk management strategy | CMA_C1744 - Implement the risk management strategy | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 c6fe3856-4635-36b6-983c-070da12a953b |
|
| Regulatory Compliance | 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 | Ensure security categorization is approved | CMA_C1540 - Ensure security categorization is approved | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 |
|
| Regulatory Compliance | d48a6f19-a284-6fc6-0623-3367a74d3f50 | Update interconnection security agreements | CMA_0519 - Update interconnection security agreements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d48a6f19-a284-6fc6-0623-3367a74d3f50 |
|
| Regulatory Compliance | b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 | Publish access procedures in SORNs | CMA_C1848 - Publish access procedures in SORNs | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 |
|
| Regulatory Compliance | 676c3c35-3c36-612c-9523-36d266a65000 | Require developers to provide training | CMA_C1611 - Require developers to provide training | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 676c3c35-3c36-612c-9523-36d266a65000 |
|
| Regulatory Compliance | 524e7136-9f6a-75ba-9089-501018151346 | Document security and privacy training activities | CMA_0198 - Document security and privacy training activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 524e7136-9f6a-75ba-9089-501018151346 |
|
| Regulatory Compliance | 4e45863d-9ea9-32b4-a204-2680bc6007a6 | Require external service providers to comply with security requirements | CMA_C1586 - Require external service providers to comply with security requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 4e45863d-9ea9-32b4-a204-2680bc6007a6 |
|
| Storage | 7bd000e3-37c7-4928-9f31-86c4b77c5c45 | Configure diagnostic settings for Queue Services to Log Analytics workspace | Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any queue Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-19 17:41:40 Major (1.0.0 > 2.0.0) |
| Regulatory Compliance | 2f204e72-1896-3bf8-75c9-9128b8683a36 | Reissue authenticators for changed groups and accounts | CMA_0426 - Reissue authenticators for changed groups and accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 2f204e72-1896-3bf8-75c9-9128b8683a36 |
|
| Regulatory Compliance | bbb2e6d6-085f-5a35-a55d-e45daad38933 | Provide secure name and address resolution services | CMA_0416 - Provide secure name and address resolution services | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 bbb2e6d6-085f-5a35-a55d-e45daad38933 |
|
| Regulatory Compliance | bb048641-6017-7272-7772-a008f285a520 | Develop spillage response procedures | CMA_0162 - Develop spillage response procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 bb048641-6017-7272-7772-a008f285a520 |
|
| Regulatory Compliance | 20762f1e-85fb-31b0-a600-e833633f10fe | Reveal error messages | CMA_C1725 - Reveal error messages | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 20762f1e-85fb-31b0-a600-e833633f10fe |
|
| App Service | 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab | Function apps should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
change | 2022-09-19 17:41:40 Major (3.0.0 > 4.0.0) |
|
| Regulatory Compliance | 2e7a98c9-219f-0d58-38dc-d69038224442 | Protect the information security program plan | CMA_C1732 - Protect the information security program plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 2e7a98c9-219f-0d58-38dc-d69038224442 |
|
| Regulatory Compliance | 74041cfe-3f87-1d17-79ec-34ca5f895542 | Produce complete records of remote maintenance activities | CMA_C1403 - Produce complete records of remote maintenance activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 74041cfe-3f87-1d17-79ec-34ca5f895542 |
|
| Regulatory Compliance | 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 | Conduct risk assessment and document its results | CMA_C1542 - Conduct risk assessment and document its results | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 |
|
| Regulatory Compliance | d9edcea6-6cb8-0266-a48c-2061fbac4310 | Plan for continuance of essential business functions | CMA_C1255 - Plan for continuance of essential business functions | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d9edcea6-6cb8-0266-a48c-2061fbac4310 |
|
| Regulatory Compliance | 4012c2b7-4e0e-a7ab-1688-4aab43f14420 | Map authenticated identities to individuals | CMA_0372 - Map authenticated identities to individuals | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 4012c2b7-4e0e-a7ab-1688-4aab43f14420 |
|
| Regulatory Compliance | a90c4d44-7fac-8e02-6d5b-0d92046b20e6 | Automate flaw remediation | CMA_0027 - Automate flaw remediation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 a90c4d44-7fac-8e02-6d5b-0d92046b20e6 |
|
| Regulatory Compliance | 171e377b-5224-4a97-1eaa-62a3b5231dac | Generate internal security alerts | CMA_C1704 - Generate internal security alerts | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 171e377b-5224-4a97-1eaa-62a3b5231dac |
|
| Network | e920df7f-9a64-4066-9b58-52684c02a091 | Configure network security groups to enable traffic analytics | Traffic analytics can be enabled for all network security groups hosted in a particular region with the settings provided during policy creation. If it already has Traffic analytics enabled, then policy does not overwrite its settings. Flow Logs are also enabled for the Network security groups that do not have it. Traffic analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
change | 2022-09-19 17:41:40 Minor (1.0.1 > 1.1.0) |
| Regulatory Compliance | 3af53f59-979f-24a8-540f-d7cdbc366607 | Require users to sign access agreement | CMA_0440 - Require users to sign access agreement | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3af53f59-979f-24a8-540f-d7cdbc366607 |
|
| Regulatory Compliance | eff6e4a5-3efe-94dd-2ed1-25d56a019a82 | Distribute policies and procedures | CMA_0185 - Distribute policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 eff6e4a5-3efe-94dd-2ed1-25d56a019a82 |
|
| Regulatory Compliance | 729c8708-2bec-093c-8427-2e87d2cd426d | Automate notification of employee termination | CMA_C1521 - Automate notification of employee termination | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 729c8708-2bec-093c-8427-2e87d2cd426d |
|
| Regulatory Compliance | d9af7f88-686a-5a8b-704b-eafdab278977 | Obtain legal opinion for monitoring system activities | CMA_C1688 - Obtain legal opinion for monitoring system activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d9af7f88-686a-5a8b-704b-eafdab278977 |
|
| Regulatory Compliance | b544f797-a73b-1be3-6d01-6b1a085376bc | Establish information security workforce development and improvement program | CMA_C1752 - Establish information security workforce development and improvement program | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b544f797-a73b-1be3-6d01-6b1a085376bc |
|
| App Service | 1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0 | Configure Function apps to use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-09-19 17:41:40 1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0 |
| Kubernetes | 50c83470-d2f0-4dda-a716-1938a4825f62 | Kubernetes cluster containers should only use allowed pull policy | Restrict containers' pull policy to enforce containers to use only allowed images on deployments | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | c6aeb800-0b19-944d-92dc-59b893722329 | Rescreen individuals at a defined frequency | CMA_C1512 - Rescreen individuals at a defined frequency | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 c6aeb800-0b19-944d-92dc-59b893722329 |
|
| Regulatory Compliance | 0471c6b7-1588-701c-2713-1fade73b75f6 | Display an explicit logout message | CMA_C1056 - Display an explicit logout message | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0471c6b7-1588-701c-2713-1fade73b75f6 |
|
| Regulatory Compliance | ffea18d9-13de-6505-37f3-4c1f88070ad7 | Review cloud service provider's compliance with policies and agreements | CMA_0469 - Review cloud service provider's compliance with policies and agreements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ffea18d9-13de-6505-37f3-4c1f88070ad7 |
|
| Regulatory Compliance | ba99d512-3baa-1c38-8b0b-ae16bbd34274 | Test contingency plan at an alternate processing location | CMA_C1265 - Test contingency plan at an alternate processing location | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ba99d512-3baa-1c38-8b0b-ae16bbd34274 |
|
| Regulatory Compliance | 55be3260-a7a2-3c06-7fe6-072d07525ab7 | Accept PIV credentials | CMA_C1347 - Accept PIV credentials | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 55be3260-a7a2-3c06-7fe6-072d07525ab7 |
|
| Kubernetes | f06ddb64-5fa3-4b77-b166-acb36f7f6042 | Kubernetes cluster pods and containers should only run with approved user and group IDs | Control the user, primary group, supplemental group and file system group IDs that pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (5.0.2 > 6.0.0) |
|
| App Service | 4d0bc837-6eff-477e-9ecd-33bf8d4212a5 | Function apps should use an Azure file share for its content directory | The content directory of a Function app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. | Default Audit Allowed Audit, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| App Service | cf9ca02d-383e-4506-a421-258cc1a5300d | Function app slots should have 'Client Certificates (Incoming client certificates)' enabled | Client certificates allow for the app to request a certificate for incoming requests. Only clients with valid certificates will be able to reach the app. | Default Audit Allowed Audit, Disabled |
add | 2022-09-19 17:41:40 cf9ca02d-383e-4506-a421-258cc1a5300d |
|
| Regulatory Compliance | d7c1ecc3-2980-a079-1569-91aec8ac4a77 | Conduct risk assessment and distribute its results | CMA_C1544 - Conduct risk assessment and distribute its results | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d7c1ecc3-2980-a079-1569-91aec8ac4a77 |
|
| Regulatory Compliance | 8b333332-6efd-7c0d-5a9f-d1eb95105214 | Employ FIPS 201-approved technology for PIV | CMA_C1579 - Employ FIPS 201-approved technology for PIV | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 8b333332-6efd-7c0d-5a9f-d1eb95105214 |
|
| Regulatory Compliance | afd5d60a-48d2-8073-1ec2-6687e22f2ddd | Require notification of third-party personnel transfer or termination | CMA_C1532 - Require notification of third-party personnel transfer or termination | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 afd5d60a-48d2-8073-1ec2-6687e22f2ddd |
|
| Storage | 2fb86bf3-d221-43d1-96d1-2434af34eaa0 | Configure diagnostic settings for Table Services to Log Analytics workspace | Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any table Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-19 17:41:40 Major (1.0.0 > 2.0.0) |
| Regulatory Compliance | c3b3cc61-9c70-5d78-7f12-1aefcc477db7 | Review security testing, training, and monitoring plans | CMA_C1754 - Review security testing, training, and monitoring plans | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 c3b3cc61-9c70-5d78-7f12-1aefcc477db7 |
|
| Kubernetes | 95edb821-ddaf-4404-9732-666045e056b4 | Kubernetes cluster should not allow privileged containers | Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (8.0.0 > 9.0.0) |
|
| Regulatory Compliance | 5f2e834d-7e40-a4d5-a216-e49b16955ccf | Establish requirements for internet service providers | CMA_0278 - Establish requirements for internet service providers | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 5f2e834d-7e40-a4d5-a216-e49b16955ccf |
|
| Regulatory Compliance | a8df9c78-4044-98be-2c05-31a315ac8957 | Conform to FICAM-issued profiles | CMA_C1350 - Conform to FICAM-issued profiles | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 a8df9c78-4044-98be-2c05-31a315ac8957 |
|
| Regulatory Compliance | 1a2a03a4-9992-5788-5953-d8f6615306de | Govern policies and procedures | CMA_0292 - Govern policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 1a2a03a4-9992-5788-5953-d8f6615306de |
|
| Regulatory Compliance | 27ce30dd-3d56-8b54-6144-e26d9a37a541 | Ensure audit records are not altered | CMA_C1125 - Ensure audit records are not altered | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 27ce30dd-3d56-8b54-6144-e26d9a37a541 |
|
| Regulatory Compliance | 75b42dcf-7840-1271-260b-852273d7906e | Develop contingency planning policies and procedures | CMA_0156 - Develop contingency planning policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 75b42dcf-7840-1271-260b-852273d7906e |
|
| Regulatory Compliance | dad1887d-161b-7b61-2e4d-5124a7b5724e | Measure the time between flaw identification and flaw remediation | CMA_C1674 - Measure the time between flaw identification and flaw remediation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 dad1887d-161b-7b61-2e4d-5124a7b5724e |
|
| Regulatory Compliance | 04837a26-2601-1982-3da7-bf463e6408f4 | Develop configuration management plan | CMA_C1232 - Develop configuration management plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 04837a26-2601-1982-3da7-bf463e6408f4 |
|
| Regulatory Compliance | c7e8ddc1-14aa-1814-7fe1-aad1742b27da | Enforce expiration of cached authenticators | CMA_C1343 - Enforce expiration of cached authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 c7e8ddc1-14aa-1814-7fe1-aad1742b27da |
|
| Regulatory Compliance | 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 | Implement cryptographic mechanisms | CMA_C1419 - Implement cryptographic mechanisms | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 |
|
| Regulatory Compliance | 611ebc63-8600-50b6-a0e3-fef272457132 | Employ independent team for penetration testing | CMA_C1171 - Employ independent team for penetration testing | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 611ebc63-8600-50b6-a0e3-fef272457132 |
|
| Regulatory Compliance | ab02bb73-4ce1-89dd-3905-d93042809ba0 | Align business objectives and IT goals | CMA_0008 - Align business objectives and IT goals | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ab02bb73-4ce1-89dd-3905-d93042809ba0 |
|
| Regulatory Compliance | d136ae80-54dd-321c-98b4-17acf4af2169 | Provide updated security awareness training | CMA_C1090 - Provide updated security awareness training | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d136ae80-54dd-321c-98b4-17acf4af2169 |
|
| Regulatory Compliance | 2af4640d-11a6-a64b-5ceb-a468f4341c0c | Define and enforce inactivity log policy | CMA_C1017 - Define and enforce inactivity log policy | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 2af4640d-11a6-a64b-5ceb-a468f4341c0c |
|
| Regulatory Compliance | 98e33927-8d7f-6d5f-44f5-2469b40b7215 | Implement Incident handling capability | CMA_C1367 - Implement Incident handling capability | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 98e33927-8d7f-6d5f-44f5-2469b40b7215 |
|
| Regulatory Compliance | b470a37a-7a47-3792-34dd-7a793140702e | Establish relationship between incident response capability and external providers | CMA_C1376 - Establish relationship between incident response capability and external providers | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b470a37a-7a47-3792-34dd-7a793140702e |
|
| Regulatory Compliance | a44c9fba-43f8-4b7b-7ee6-db52c96b4366 | Facilitate information sharing | CMA_0284 - Facilitate information sharing | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 a44c9fba-43f8-4b7b-7ee6-db52c96b4366 |
|
| App Service | a1a22235-dd10-4062-bd55-7d62778f41b0 | Function app slots should not have CORS configured to allow every resource to access your apps | Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-19 17:41:40 a1a22235-dd10-4062-bd55-7d62778f41b0 |
|
| Regulatory Compliance | ef5a7059-6651-73b1-18b3-75b1b79c1565 | Define information security roles and responsibilities | CMA_C1565 - Define information security roles and responsibilities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ef5a7059-6651-73b1-18b3-75b1b79c1565 |
|
| Kubernetes | 57dde185-5c62-4063-b965-afbb201e9c1c | Kubernetes cluster Windows containers should only run with approved user and domain user group | Control the user that Windows pods and containers can use to run in a Kubernetes Cluster. This recommendation is part of Pod Security Policies on Windows nodes which are intended to improve the security of your Kubernetes environments. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (1.0.0 > 2.0.0) |
|
| Kubernetes | 46592696-4c7b-4bf3-9e45-6c2763bdc0a6 | Kubernetes cluster pods should use specified labels | Use specified labels to identify the pods in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (6.2.1 > 7.0.0) |
|
| Kubernetes | 65280eef-c8b4-425e-9aec-af55e55bf581 | Kubernetes cluster should not use naked pods | Block usage of naked Pods. Naked Pods will not be rescheduled in the event of a node failure. Pods should be managed by Deployment, Replicset, Daemonset or Jobs | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (1.0.0 > 2.0.0) |
|
| Regulatory Compliance | 7a114735-a420-057d-a651-9a73cd0416ef | Require developers to provide unified security protection approach | CMA_C1614 - Require developers to provide unified security protection approach | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 7a114735-a420-057d-a651-9a73cd0416ef |
|
| Regulatory Compliance | 0fd1ca29-677b-2f12-1879-639716459160 | Maintain data breach records | CMA_0351 - Maintain data breach records | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0fd1ca29-677b-2f12-1879-639716459160 |
|
| Kubernetes | 16697877-1118-4fb1-9b65-9898ec2509ec | Kubernetes cluster pods should only use allowed volume types | Pods can only use allowed volume types in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (4.0.1 > 5.0.0) |
|
| Regulatory Compliance | 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 | Monitor account activity | CMA_0377 - Monitor account activity | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 |
|
| Regulatory Compliance | b7306e73-0494-83a2-31f5-280e934a8f70 | Develop and document a DDoS response plan | CMA_0147 - Develop and document a DDoS response plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b7306e73-0494-83a2-31f5-280e934a8f70 |
|
| Regulatory Compliance | ba02d0a0-566a-25dc-73f1-101c726a19c5 | Implement transaction based recovery | CMA_C1296 - Implement transaction based recovery | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ba02d0a0-566a-25dc-73f1-101c726a19c5 |
|
| Regulatory Compliance | 7fc1f0da-0050-19bb-3d75-81ae15940df6 | Provide monitoring information as needed | CMA_C1689 - Provide monitoring information as needed | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 7fc1f0da-0050-19bb-3d75-81ae15940df6 |
|
| Kubernetes | 4f3823b6-6dac-4b5a-9c61-ce1afb829f17 | Kubernetes clusters should use Container Storage Interface(CSI) driver StorageClass | The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. In-tree provisioner StorageClass should be deprecated since AKS version 1.21. To learn more, https://aka.ms/aks-csi-driver | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (1.1.0 > 2.0.0) |
|
| Kubernetes | 9f061a12-e40d-4183-a00e-171812443373 | Kubernetes clusters should not use the default namespace | Prevent usage of the default namespace in Kubernetes clusters to protect against unauthorized access for ConfigMap, Pod, Secret, Service, and ServiceAccount resource types. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (3.0.1 > 4.0.0) |
|
| Regulatory Compliance | 46ab2c5e-6654-1f58-8c83-e97a44f39308 | Identify external service providers | CMA_C1591 - Identify external service providers | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 46ab2c5e-6654-1f58-8c83-e97a44f39308 |
|
| Regulatory Compliance | 69d90ee6-9f9f-262a-2038-d909fb4e5723 | Identify spilled information | CMA_0303 - Identify spilled information | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 69d90ee6-9f9f-262a-2038-d909fb4e5723 |
|
| Regulatory Compliance | 449ebb52-945b-36e5-3446-af6f33770f8f | Update the security authorization | CMA_C1160 - Update the security authorization | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 449ebb52-945b-36e5-3446-af6f33770f8f |
|
| Regulatory Compliance | 037c0089-6606-2dab-49ad-437005b5035f | Identify incident response personnel | CMA_0301 - Identify incident response personnel | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 037c0089-6606-2dab-49ad-437005b5035f |
|
| Regulatory Compliance | 41172402-8d73-64c7-0921-909083c086b0 | Not allow for information systems to accompany with individuals | CMA_C1182 - Not allow for information systems to accompany with individuals | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 41172402-8d73-64c7-0921-909083c086b0 |
|
| Regulatory Compliance | 6baae474-434f-2e91-7163-a72df30c4847 | Manage security state of information systems | CMA_C1746 - Manage security state of information systems | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 6baae474-434f-2e91-7163-a72df30c4847 |
|
| Regulatory Compliance | 22c16ae4-19d0-29cb-422f-cb44061180ee | Disable user accounts posing a significant risk | CMA_C1026 - Disable user accounts posing a significant risk | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 22c16ae4-19d0-29cb-422f-cb44061180ee |
|
| Regulatory Compliance | 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 | Review and update physical and environmental policies and procedures | CMA_C1446 - Review and update physical and environmental policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 |
|
| Kubernetes | 9a5f4e39-e427-4d5d-ae73-93db00328bec | Kubernetes resources should have required annotations | Ensure that required annotations are attached on a given Kubernetes resource kind for improved resource management of your Kubernetes resources. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | 3eabed6d-1912-2d3c-858b-f438d08d0412 | Ensure external providers consistently meet interests of the customers | CMA_C1592 - Ensure external providers consistently meet interests of the customers | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3eabed6d-1912-2d3c-858b-f438d08d0412 |
|
| Regulatory Compliance | 03d550b4-34ee-03f4-515f-f2e2faf7a413 | Review access control policies and procedures | CMA_0457 - Review access control policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 03d550b4-34ee-03f4-515f-f2e2faf7a413 |
|
| Regulatory Compliance | 14a4fd0a-9100-1e12-1362-792014a28155 | Update contingency plan | CMA_C1248 - Update contingency plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 14a4fd0a-9100-1e12-1362-792014a28155 |
|
| Regulatory Compliance | e9c60c37-65b0-2d72-6c3c-af66036203ae | Review and update contingency planning policies and procedures | CMA_C1243 - Review and update contingency planning policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e9c60c37-65b0-2d72-6c3c-af66036203ae |
|
| Kubernetes | df49d893-a74c-421d-bc95-c663042e5b80 | Kubernetes cluster containers should run with a read only root file system | Run containers with a read only root file system to protect from changes at run-time with malicious binaries being added to PATH in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (5.0.0 > 6.0.0) |
|
| Regulatory Compliance | 6a379d74-903b-244a-4c44-838728bea6b0 | Analyse data obtained from continuous monitoring | CMA_C1169 - Analyse data obtained from continuous monitoring | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 6a379d74-903b-244a-4c44-838728bea6b0 |
|
| Kubernetes | 56d0a13f-712f-466b-8416-56fb354fb823 | Kubernetes cluster containers should not use forbidden sysctl interfaces | Containers should not use forbidden sysctl interfaces in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (6.0.2 > 7.0.0) |
|
| Regulatory Compliance | 898a5781-2254-5a37-34c7-d78ea7c20d55 | Publish SORNs for systems containing PII | CMA_C1862 - Publish SORNs for systems containing PII | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 898a5781-2254-5a37-34c7-d78ea7c20d55 |
|
| Regulatory Compliance | b65c5d8e-9043-9612-2c17-65f231d763bb | Employ independent assessors to conduct security control assessments | CMA_C1148 - Employ independent assessors to conduct security control assessments | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b65c5d8e-9043-9612-2c17-65f231d763bb |
|
| Regulatory Compliance | b269a749-705e-8bff-055a-147744675cdf | Conduct backup of information system documentation | CMA_C1289 - Conduct backup of information system documentation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b269a749-705e-8bff-055a-147744675cdf |
|
| Regulatory Compliance | b320aa42-33b4-53af-87ce-100091d48918 | Document third-party personnel security requirements | CMA_C1531 - Document third-party personnel security requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b320aa42-33b4-53af-87ce-100091d48918 |
|
| Regulatory Compliance | 677e1da4-00c3-287a-563d-f4a1cf9b99a0 | Conduct Risk Assessment | CMA_C1543 - Conduct Risk Assessment | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 677e1da4-00c3-287a-563d-f4a1cf9b99a0 |
|
| Regulatory Compliance | 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 | Review development process, standards and tools | CMA_C1610 - Review development process, standards and tools | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 |
|
| Regulatory Compliance | e7422f08-65b4-50e4-3779-d793156e0079 | Develop a concept of operations (CONOPS) | CMA_0141 - Develop a concept of operations (CONOPS) | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e7422f08-65b4-50e4-3779-d793156e0079 |
|
| Regulatory Compliance | 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f | Employ restrictions on external system interconnections | CMA_C1155 - Employ restrictions on external system interconnections | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f |
|
| Regulatory Compliance | 22457e81-3ec6-5271-a786-c3ca284601dd | Isolate information spills | CMA_0346 - Isolate information spills | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 22457e81-3ec6-5271-a786-c3ca284601dd |
|
| Regulatory Compliance | 53fc1282-0ee3-2764-1319-e20143bb0ea5 | Review contingency plan | CMA_C1247 - Review contingency plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 53fc1282-0ee3-2764-1319-e20143bb0ea5 |
|
| Regulatory Compliance | 245fe58b-96f8-9f1e-48c5-7f49903f66fd | Establish alternate storage site that facilitates recovery operations | CMA_C1270 - Establish alternate storage site that facilitates recovery operations | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 245fe58b-96f8-9f1e-48c5-7f49903f66fd |
|
| Regulatory Compliance | 44b71aa8-099d-8b97-1557-0e853ec38e0d | Obtain functional properties of security controls | CMA_C1575 - Obtain functional properties of security controls | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 44b71aa8-099d-8b97-1557-0e853ec38e0d |
|
| Regulatory Compliance | 21832235-7a07-61f4-530d-d596f76e5b95 | Implement security testing, training, and monitoring plans | CMA_C1753 - Implement security testing, training, and monitoring plans | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 21832235-7a07-61f4-530d-d596f76e5b95 |
|
| Regulatory Compliance | e4054c0e-1184-09e6-4c5e-701e0bc90f81 | Report atypical behavior of user accounts | CMA_C1025 - Report atypical behavior of user accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e4054c0e-1184-09e6-4c5e-701e0bc90f81 |
|
| Regulatory Compliance | eda0cbb7-6043-05bf-645b-67411f1a59b3 | Ensure there are no unencrypted static authenticators | CMA_C1340 - Ensure there are no unencrypted static authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 eda0cbb7-6043-05bf-645b-67411f1a59b3 |
|
| Regulatory Compliance | 6de65dc4-8b4f-34b7-9290-eb137a2e2929 | Develop and document application security requirements | CMA_0148 - Develop and document application security requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 6de65dc4-8b4f-34b7-9290-eb137a2e2929 |
|
| Kubernetes | 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Kubernetes clusters should not allow container privilege escalation | Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (6.0.1 > 7.0.0) |
|
| Regulatory Compliance | f7eb1d0b-6d4f-2d59-1591-7563e11a9313 | Define and enforce conditions for shared and group accounts | CMA_0117 - Define and enforce conditions for shared and group accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f7eb1d0b-6d4f-2d59-1591-7563e11a9313 |
|
| Regulatory Compliance | dc7ec756-221c-33c8-0afe-c48e10e42321 | Verify security controls for external information systems | CMA_0541 - Verify security controls for external information systems | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 dc7ec756-221c-33c8-0afe-c48e10e42321 |
|
| Regulatory Compliance | f8a63511-66f1-503f-196d-d6217ee0823a | Require developers to produce evidence of security assessment plan execution | CMA_C1602 - Require developers to produce evidence of security assessment plan execution | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f8a63511-66f1-503f-196d-d6217ee0823a |
|
| App Service | 5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71 | Function app slots should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
add | 2022-09-19 17:41:40 5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71 |
|
| Regulatory Compliance | df54d34f-65f3-39f1-103c-a0464b8615df | Manage transfers between standby and active system components | CMA_0371 - Manage transfers between standby and active system components | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 df54d34f-65f3-39f1-103c-a0464b8615df |
|
| Kubernetes | 3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e | Kubernetes clusters should use internal load balancers | Use internal load balancers to make a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (7.0.0 > 8.0.0) |
|
| Regulatory Compliance | f6794ab8-9a7d-3b24-76ab-265d3646232b | Provide role-based training on suspicious activities | CMA_C1097 - Provide role-based training on suspicious activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f6794ab8-9a7d-3b24-76ab-265d3646232b |
|
| Regulatory Compliance | 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f | Ensure resources are authorized | CMA_C1159 - Ensure resources are authorized | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f |
|
| Regulatory Compliance | 59f7feff-02aa-6539-2cf7-bea75b762140 | Develop access control policies and procedures | CMA_0144 - Develop access control policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 59f7feff-02aa-6539-2cf7-bea75b762140 |
|
| Regulatory Compliance | b33d61c1-7463-7025-0ec0-a47585b59147 | Require developers to manage change integrity | CMA_C1595 - Require developers to manage change integrity | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b33d61c1-7463-7025-0ec0-a47585b59147 |
|
| Regulatory Compliance | de077e7e-0cc8-65a6-6e08-9ab46c827b05 | Produce, control and distribute asymmetric cryptographic keys | CMA_C1646 - Produce, control and distribute asymmetric cryptographic keys | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 de077e7e-0cc8-65a6-6e08-9ab46c827b05 |
|
| Regulatory Compliance | cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 | Create alternative actions for identified anomalies | CMA_C1711 - Create alternative actions for identified anomalies | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 |
|
| Regulatory Compliance | 77cc89bb-774f-48d7-8a84-fb8c322c3000 | Track software license usage | CMA_C1235 - Track software license usage | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 77cc89bb-774f-48d7-8a84-fb8c322c3000 |
|
| Regulatory Compliance | db580551-0b3c-4ea1-8a4c-4cdb5feb340f | Provide the logout capability | CMA_C1055 - Provide the logout capability | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 db580551-0b3c-4ea1-8a4c-4cdb5feb340f |
|
| Regulatory Compliance | a30bd8e9-7064-312a-0e1f-e1b485d59f6e | Review exploit protection events | CMA_0472 - Review exploit protection events | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 a30bd8e9-7064-312a-0e1f-e1b485d59f6e |
|
| Regulatory Compliance | cdcb825f-a0fb-31f9-29c1-ab566718499a | Publish Computer Matching Agreements on public website | CMA_C1829 - Publish Computer Matching Agreements on public website | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 cdcb825f-a0fb-31f9-29c1-ab566718499a |
|
| Storage | 59759c62-9a22-4cdf-ae64-074495983fef | Configure diagnostic settings for Storage Accounts to Log Analytics workspace | Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-19 17:41:40 Major (1.0.0 > 2.0.0) |
| App Service | 24b7a1c6-44fe-40cc-a2e6-242d2ef70e98 | App Service app slots should be injected into a virtual network | Injecting App Service Apps in a virtual network unlocks advanced App Service networking and security features and provides you with greater control over your network security configuration. Learn more at: https://docs.microsoft.com/azure/app-service/web-sites-integrate-with-vnet. | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-09-19 17:41:40 24b7a1c6-44fe-40cc-a2e6-242d2ef70e98 |
|
| Regulatory Compliance | ca748dfe-3e28-1d18-4221-89aea30aa0a5 | Identify status of individual users | CMA_C1316 - Identify status of individual users | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ca748dfe-3e28-1d18-4221-89aea30aa0a5 |
|
| Regulatory Compliance | 39999038-9ef1-602a-158c-ce2367185230 | Define performance metrics | CMA_0124 - Define performance metrics | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 39999038-9ef1-602a-158c-ce2367185230 |
|
| Regulatory Compliance | ced727b3-005e-3c5b-5cd5-230b79d56ee8 | Implement a fault tolerant name/address service | CMA_0305 - Implement a fault tolerant name/address service | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ced727b3-005e-3c5b-5cd5-230b79d56ee8 |
|
| App Service | ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d | Configure App Service apps to use the latest TLS version | Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for App Service apps to take advantage of security fixes, if any, and/or new functionalities of the latest version. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-09-19 17:41:40 ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d |
| App Service | a096cbd0-4693-432f-9374-682f485f23f3 | Configure Function apps to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-09-19 17:41:40 a096cbd0-4693-432f-9374-682f485f23f3 |
| Storage | 25a70cc8-2bd4-47f1-90b6-1478e4662c96 | Configure diagnostic settings for File Services to Log Analytics workspace | Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-19 17:41:40 Major (1.0.0 > 2.0.0) |
| Regulatory Compliance | cb8841d4-9d13-7292-1d06-ba4d68384681 | Perform a business impact assessment and application criticality assessment | CMA_0386 - Perform a business impact assessment and application criticality assessment | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 cb8841d4-9d13-7292-1d06-ba4d68384681 |
|
| Regulatory Compliance | e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 | Review and update personnel security policies and procedures | CMA_C1507 - Review and update personnel security policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 |
|
| Regulatory Compliance | 81b6267b-97a7-9aa5-51ee-d2584a160424 | Create separate alternate and primary storage sites | CMA_C1269 - Create separate alternate and primary storage sites | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 81b6267b-97a7-9aa5-51ee-d2584a160424 |
|
| Regulatory Compliance | a28323fe-276d-3787-32d2-cef6395764c4 | Develop audit and accountability policies and procedures | CMA_0154 - Develop audit and accountability policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 a28323fe-276d-3787-32d2-cef6395764c4 |
|
| Regulatory Compliance | 4c385143-09fd-3a34-790c-a5fd9ec77ddc | Provide role-based security training | CMA_C1094 - Provide role-based security training | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 4c385143-09fd-3a34-790c-a5fd9ec77ddc |
|
| Regulatory Compliance | 2401b496-7f23-79b2-9f80-89bb5abf3d4a | Protect incident response plan | CMA_0405 - Protect incident response plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 2401b496-7f23-79b2-9f80-89bb5abf3d4a |
|
| Regulatory Compliance | a1334a65-2622-28ee-5067-9d7f5b915cc5 | Communicate contingency plan changes | CMA_C1249 - Communicate contingency plan changes | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 a1334a65-2622-28ee-5067-9d7f5b915cc5 |
|
| App Service | eaebaea7-8013-4ceb-9d14-7eb32271373c | Function apps should have 'Client Certificates (Incoming client certificates)' enabled | Client certificates allow for the app to request a certificate for incoming requests. Only clients with valid certificates will be able to reach the app. | Default Audit Allowed Audit, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | 7ded6497-815d-6506-242b-e043e0273928 | Plan for resumption of essential business functions | CMA_C1253 - Plan for resumption of essential business functions | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 7ded6497-815d-6506-242b-e043e0273928 |
|
| Regulatory Compliance | d200f199-69f4-95a6-90b0-37ff0cf1040c | Provide the capability to extend or limit auditing on customer-deployed resources | CMA_C1141 - Provide the capability to extend or limit auditing on customer-deployed resources | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d200f199-69f4-95a6-90b0-37ff0cf1040c |
|
| Regulatory Compliance | 0040d2e5-2779-170d-6a2c-1f5fca353335 | Restrict location of information processing, storage and services | CMA_C1593 - Restrict location of information processing, storage and services | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0040d2e5-2779-170d-6a2c-1f5fca353335 |
|
| Regulatory Compliance | 90a156a6-49ed-18d1-1052-69aac27c05cd | Allocate resources in determining information system requirements | CMA_C1561 - Allocate resources in determining information system requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 90a156a6-49ed-18d1-1052-69aac27c05cd |
|
| Regulatory Compliance | 57adc919-9dca-817c-8197-64d812070316 | Develop an enterprise architecture | CMA_C1741 - Develop an enterprise architecture | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 57adc919-9dca-817c-8197-64d812070316 |
|
| Kubernetes | b1a9997f-2883-4f12-bdff-2280f99b5915 | Ensure cluster containers have readiness or liveness probes configured | This policy enforces that all pods have a readiness and/or liveness probes configured. Probe Types can be any of tcpSocket, httpGet and exec. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | 95eb7d09-9937-5df9-11d9-20317e3f60df | Provide formal notice to individuals | CMA_C1864 - Provide formal notice to individuals | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 95eb7d09-9937-5df9-11d9-20317e3f60df |
|
| Regulatory Compliance | f30edfad-4e1d-1eef-27ee-9292d6d89842 | Perform security function verification at a defined frequency | CMA_C1709 - Perform security function verification at a defined frequency | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f30edfad-4e1d-1eef-27ee-9292d6d89842 |
|
| Regulatory Compliance | 3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 | Keep SORNs updated | CMA_C1863 - Keep SORNs updated | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 |
|
| Kubernetes | d46c275d-1680-448d-b2ec-e495a3b6cc89 | Kubernetes cluster services should only use allowed external IPs | Use allowed external IPs to avoid the potential attack (CVE-2020-8554) in a Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (4.0.1 > 5.0.0) |
|
| Regulatory Compliance | c8aa992d-76b7-7ca0-07b3-31a58d773fa9 | Employ automated training environment | CMA_C1357 - Employ automated training environment | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 c8aa992d-76b7-7ca0-07b3-31a58d773fa9 |
|
| Regulatory Compliance | 2067b904-9552-3259-0cdd-84468e284b7c | Review and update system maintenance policies and procedures | CMA_C1395 - Review and update system maintenance policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 2067b904-9552-3259-0cdd-84468e284b7c |
|
| Regulatory Compliance | f6da5cca-5795-60ff-49e1-4972567815fe | Require developer to identify SDLC ports, protocols, and services | CMA_C1578 - Require developer to identify SDLC ports, protocols, and services | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f6da5cca-5795-60ff-49e1-4972567815fe |
|
| Regulatory Compliance | 834b7a4a-83ab-2188-1a26-9c5033d8173b | Incorporate security and data privacy practices in research processing | CMA_0331 - Incorporate security and data privacy practices in research processing | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 834b7a4a-83ab-2188-1a26-9c5033d8173b |
|
| Regulatory Compliance | 3054c74b-9b45-2581-56cf-053a1a716c39 | Accept assessment results | CMA_C1150 - Accept assessment results | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3054c74b-9b45-2581-56cf-053a1a716c39 |
|
| Regulatory Compliance | 396f465d-375e-57de-58ba-021adb008191 | Invalidate session identifiers at logout | CMA_C1661 - Invalidate session identifiers at logout | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 396f465d-375e-57de-58ba-021adb008191 |
|
| Kubernetes | 511f5417-5d12-434d-ab2e-816901e72a5e | Kubernetes cluster containers should only use allowed AppArmor profiles | Containers should only use allowed AppArmor profiles in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (5.0.0 > 6.0.0) |
|
| Regulatory Compliance | 0a412110-3874-9f22-187a-c7a81c8a6704 | Establish alternate storage site to store and retrieve backup information | CMA_C1267 - Establish alternate storage site to store and retrieve backup information | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0a412110-3874-9f22-187a-c7a81c8a6704 |
|
| App Service | 546fe8d2-368d-4029-a418-6af48a7f61e5 | App Service apps should use a SKU that supports private link | With supported SKUs, Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to apps, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/private-link. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major (3.0.0 > 4.0.0) |
|
| Kubernetes | febd0533-8e55-448f-b837-bd0e06f16469 | Kubernetes cluster containers should only use allowed images | Use images from trusted registries to reduce the Kubernetes cluster's exposure risk to unknown vulnerabilities, security issues and malicious images. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (8.0.0 > 9.0.0) |
|
| Regulatory Compliance | 29acfac0-4bb4-121b-8283-8943198b1549 | Review and update identification and authentication policies and procedures | CMA_C1299 - Review and update identification and authentication policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 29acfac0-4bb4-121b-8283-8943198b1549 |
|
| Regulatory Compliance | d8350d4c-9314-400b-288f-20ddfce04fbd | Define and enforce the limit of concurrent sessions | CMA_C1050 - Define and enforce the limit of concurrent sessions | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d8350d4c-9314-400b-288f-20ddfce04fbd |
|
| Regulatory Compliance | bfc540fe-376c-2eef-4355-121312fa4437 | Maintain separate execution domains for running processes | CMA_C1665 - Maintain separate execution domains for running processes | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 bfc540fe-376c-2eef-4355-121312fa4437 |
|
| App Service | 2f7c08c2-f671-4282-9fdb-597b6ef2c10d | App Service app slots should have 'Client Certificates (Incoming client certificates)' enabled | Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. | Default Audit Allowed Audit, Disabled |
add | 2022-09-19 17:41:40 2f7c08c2-f671-4282-9fdb-597b6ef2c10d |
|
| Regulatory Compliance | 8b077bff-516f-3983-6c42-c86e9a11868b | Designate individuals to fulfill specific roles and responsibilities | CMA_C1747 - Designate individuals to fulfill specific roles and responsibilities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 8b077bff-516f-3983-6c42-c86e9a11868b |
|
| Regulatory Compliance | bf883b14-9c19-0f37-8825-5e39a8b66d5b | Perform threat modeling | CMA_0392 - Perform threat modeling | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 bf883b14-9c19-0f37-8825-5e39a8b66d5b |
|
| Regulatory Compliance | ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab | Check for privacy and security compliance before establishing internal connections | CMA_0053 - Check for privacy and security compliance before establishing internal connections | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab |
|
| Kubernetes | 423dd1ba-798e-40e4-9c4d-b6902674b423 | Kubernetes clusters should disable automounting API credentials | Disable automounting API credentials to prevent a potentially compromised Pod resource to run API commands against Kubernetes clusters. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (3.0.1 > 4.0.0) |
|
| Regulatory Compliance | 279052a0-8238-694d-9661-bf649f951747 | Identify contaminated systems and components | CMA_0300 - Identify contaminated systems and components | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 279052a0-8238-694d-9661-bf649f951747 |
|
| Regulatory Compliance | de251b09-4a5e-1204-4bef-62ac58d47999 | Adjust level of audit review, analysis, and reporting | CMA_C1123 - Adjust level of audit review, analysis, and reporting | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 de251b09-4a5e-1204-4bef-62ac58d47999 |
|
| Regulatory Compliance | 3f1216b0-30ee-1ac9-3899-63eb744e85f5 | Obtain Admin documentation | CMA_C1580 - Obtain Admin documentation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3f1216b0-30ee-1ac9-3899-63eb744e85f5 |
|
| Regulatory Compliance | 92b94485-1c49-3350-9ada-dffe94f08e87 | Obtain approvals for acquisitions and outsourcing | CMA_C1590 - Obtain approvals for acquisitions and outsourcing | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 92b94485-1c49-3350-9ada-dffe94f08e87 |
|
| Regulatory Compliance | 56fb5173-3865-5a5d-5fad-ae33e53e1577 | Address information security issues | CMA_C1742 - Address information security issues | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 56fb5173-3865-5a5d-5fad-ae33e53e1577 |
|
| Regulatory Compliance | 13939f8c-4cd5-a6db-9af4-9dfec35e3722 | Identify and mitigate potential issues at alternate storage site | CMA_C1271 - Identify and mitigate potential issues at alternate storage site | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 13939f8c-4cd5-a6db-9af4-9dfec35e3722 |
|
| Regulatory Compliance | 75b9db50-7906-2351-98ae-0458218609e5 | Retain accounting of disclosures of information | CMA_C1819 - Retain accounting of disclosures of information | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 75b9db50-7906-2351-98ae-0458218609e5 |
|
| Kubernetes | a27c700f-8a22-44ec-961c-41625264370b | Kubernetes clusters should not use specific security capabilities | Prevent specific security capabilities in Kubernetes clusters to prevent ungranted privileges on the Pod resource. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (4.0.1 > 5.0.0) |
|
| Kubernetes | e1e6c427-07d9-46ab-9689-bfa85431e636 | Kubernetes cluster pods and containers should only use allowed SELinux options | Pods and containers should only use allowed SELinux options in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (6.0.2 > 7.0.0) |
|
| Regulatory Compliance | ff136354-1c92-76dc-2dab-80fb7c6a9f1a | Observe and report security weaknesses | CMA_0384 - Observe and report security weaknesses | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ff136354-1c92-76dc-2dab-80fb7c6a9f1a |
|
| Regulatory Compliance | db8b35d6-8adb-3f51-44ff-c648ab5b1530 | Employ FICAM-approved resources to accept third-party credentials | CMA_C1349 - Employ FICAM-approved resources to accept third-party credentials | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 db8b35d6-8adb-3f51-44ff-c648ab5b1530 |
|
| Kubernetes | f85eb0dd-92ee-40e9-8a76-db25a507d6d3 | Kubernetes cluster containers should only use allowed ProcMountType | Pod containers can only use allowed ProcMountTypes in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (7.0.1 > 8.0.0) |
|
| Kubernetes | 1ddac26b-ed48-4c30-8cc5-3a68c79b8001 | Kubernetes clusters should not allow endpoint edit permissions of ClusterRole/system:aggregate-to-edit | ClusterRole/system:aggregate-to-edit should not allow endpoint edit permissions due to CVE-2021-25740, Endpoint & EndpointSlice permissions allow cross-Namespace forwarding, https://github.com/kubernetes/kubernetes/issues/103675. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed Audit, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | 0f31d98d-5ce2-705b-4aa5-b4f6705110dd | Prepare alternate processing site for use as operational site | CMA_C1278 - Prepare alternate processing site for use as operational site | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 0f31d98d-5ce2-705b-4aa5-b4f6705110dd |
|
| Regulatory Compliance | b8587fce-138f-86e8-33a3-c60768bf1da6 | Automate remote maintenance activities | CMA_C1402 - Automate remote maintenance activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b8587fce-138f-86e8-33a3-c60768bf1da6 |
|
| Regulatory Compliance | b7897ddc-9716-2460-96f7-7757ad038cc4 | Assign risk designations | CMA_0016 - Assign risk designations | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b7897ddc-9716-2460-96f7-7757ad038cc4 |
|
| Regulatory Compliance | adf517f3-6dcd-3546-9928-34777d0c277e | Review and update system and communications protection policies and procedures | CMA_C1616 - Review and update system and communications protection policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 adf517f3-6dcd-3546-9928-34777d0c277e |
|
| Regulatory Compliance | 8f835d6a-4d13-9a9c-37dc-176cebd37fda | Document wireless access security controls | CMA_C1695 - Document wireless access security controls | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 8f835d6a-4d13-9a9c-37dc-176cebd37fda |
|
| Regulatory Compliance | 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb | Document customer-defined actions | CMA_C1582 - Document customer-defined actions | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb |
|
| Kubernetes | 233a2a17-77ca-4fb1-9b6b-69223d272a44 | Kubernetes cluster services should listen only on allowed ports | Restrict services to listen only on allowed ports to secure access to the Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (7.0.0 > 8.0.0) |
|
| Regulatory Compliance | 836f8406-3b8a-11bb-12cb-6c7fa0765668 | Develop configuration item identification plan | CMA_C1231 - Develop configuration item identification plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 836f8406-3b8a-11bb-12cb-6c7fa0765668 |
|
| Regulatory Compliance | cf79f602-1e60-5423-6c0c-e632c2ea1fc0 | Implement controls to protect PII | CMA_C1839 - Implement controls to protect PII | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 cf79f602-1e60-5423-6c0c-e632c2ea1fc0 |
|
| Regulatory Compliance | 098dcde7-016a-06c3-0985-0daaf3301d3a | Distribute authenticators | CMA_0184 - Distribute authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 098dcde7-016a-06c3-0985-0daaf3301d3a |
|
| App Service | 25a5046c-c423-4805-9235-e844ae9ef49b | Configure Function apps to turn off remote debugging | Remote debugging requires inbound ports to be opened on Function apps. Remote debugging should be turned off. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-09-19 17:41:40 25a5046c-c423-4805-9235-e844ae9ef49b |
| Regulatory Compliance | 015b4935-448a-8684-27c0-d13086356c33 | Implement a threat awareness program | CMA_C1758 - Implement a threat awareness program | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 015b4935-448a-8684-27c0-d13086356c33 |
|
| Regulatory Compliance | 83eea3d3-0d2c-9ccd-1021-2111b29b2a62 | Ensure system capable of dynamic isolation of resources | CMA_C1638 - Ensure system capable of dynamic isolation of resources | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 83eea3d3-0d2c-9ccd-1021-2111b29b2a62 |
|
| Regulatory Compliance | ced291b8-1d3d-7e27-40cf-829e9dd523c8 | Review and update the information security architecture | CMA_C1504 - Review and update the information security architecture | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 ced291b8-1d3d-7e27-40cf-829e9dd523c8 |
|
| Regulatory Compliance | dd2523d5-2db3-642b-a1cf-83ac973b32c2 | Establish benchmarks for flaw remediation | CMA_C1675 - Establish benchmarks for flaw remediation | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 dd2523d5-2db3-642b-a1cf-83ac973b32c2 |
|
| Kubernetes | b81f454c-eebb-4e4f-9dfe-dca060e8a8fd | [Preview]: Kubernetes clusters should restrict creation of given resource type | Given Kubernetes resource type should not be deployed in certain namespace. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-09-19 17:41:40 Major, suffix remains equal (1.1.0-preview > 2.1.0-preview) |
|
| Regulatory Compliance | 4edaca8c-0912-1ac5-9eaa-6a1057740fae | Provide capability to disconnect or disable remote access | CMA_C1066 - Provide capability to disconnect or disable remote access | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 4edaca8c-0912-1ac5-9eaa-6a1057740fae |
|
| Regulatory Compliance | e1379836-3492-6395-451d-2f5062e14136 | Identify and authenticate non-organizational users | CMA_C1346 - Identify and authenticate non-organizational users | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e1379836-3492-6395-451d-2f5062e14136 |
|
| Regulatory Compliance | eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 | Review and update configuration management policies and procedures | CMA_C1175 - Review and update configuration management policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 |
|
| Regulatory Compliance | dd6d00a8-701a-5935-a22b-c7b9c0c698b2 | Isolate SecurID systems, Security Incident Management systems | CMA_C1636 - Isolate SecurID systems, Security Incident Management systems | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 dd6d00a8-701a-5935-a22b-c7b9c0c698b2 |
|
| Regulatory Compliance | cbfa1bd0-714d-8d6f-0480-2ad6a53972df | Define and document government oversight | CMA_C1587 - Define and document government oversight | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 cbfa1bd0-714d-8d6f-0480-2ad6a53972df |
|
| Regulatory Compliance | 725164e5-3b21-1ec2-7e42-14f077862841 | Require compliance with intellectual property rights | CMA_0432 - Require compliance with intellectual property rights | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 725164e5-3b21-1ec2-7e42-14f077862841 |
|
| Regulatory Compliance | 28aa060e-25c7-6121-05d8-a846f11433df | Review and update planning policies and procedures | CMA_C1491 - Review and update planning policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 28aa060e-25c7-6121-05d8-a846f11433df |
|
| Regulatory Compliance | 311802f9-098d-0659-245a-94c5d47c0182 | Employ boundary protection to isolate information systems | CMA_C1639 - Employ boundary protection to isolate information systems | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 311802f9-098d-0659-245a-94c5d47c0182 |
|
| Regulatory Compliance | eb598832-4bcc-658d-4381-3ecbe17b9866 | Provide timely maintenance support | CMA_C1425 - Provide timely maintenance support | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 eb598832-4bcc-658d-4381-3ecbe17b9866 |
|
| Regulatory Compliance | f3c17714-8ce7-357f-4af2-a0baa63a063f | Make SORNs available publicly | CMA_C1865 - Make SORNs available publicly | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f3c17714-8ce7-357f-4af2-a0baa63a063f |
|
| Regulatory Compliance | b9d45adb-471b-56a5-64d2-5b241f126174 | Automate privacy controls | CMA_C1817 - Automate privacy controls | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 b9d45adb-471b-56a5-64d2-5b241f126174 |
|
| Regulatory Compliance | 4e400494-53a5-5147-6f4d-718b539c7394 | Manage compliance activities | CMA_0358 - Manage compliance activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 4e400494-53a5-5147-6f4d-718b539c7394 |
|
| Regulatory Compliance | 91a54089-2d69-0f56-62dc-b6371a1671c0 | Resume all mission and business functions | CMA_C1254 - Resume all mission and business functions | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 91a54089-2d69-0f56-62dc-b6371a1671c0 |
|
| App Service | 5bb220d9-2698-4ee4-8404-b9c30c9df609 | App Service apps should have 'Client Certificates (Incoming client certificates)' enabled | Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. | Default Audit Allowed Audit, Disabled |
change | 2022-09-19 17:41:40 Major (2.0.0 > 3.0.0) |
|
| App Service | 08cf2974-d178-48a0-b26d-f6b8e555748b | Configure Function app slots to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-09-19 17:41:40 08cf2974-d178-48a0-b26d-f6b8e555748b |
| App Service | a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b | Configure App Service apps to turn off remote debugging | Remote debugging requires inbound ports to be opened on an App Service app. Remote debugging should be turned off. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Website Contributor |
add | 2022-09-19 17:41:40 a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b |
| Regulatory Compliance | 3153d9c0-2584-14d3-362d-578b01358aeb | Retain training records | CMA_0456 - Retain training records | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3153d9c0-2584-14d3-362d-578b01358aeb |
|
| Kubernetes | e345eecc-fa47-480f-9e88-67dcc122b164 | Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits | Enforce container CPU and memory resource limits to prevent resource exhaustion attacks in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (8.0.0 > 9.0.0) |
|
| Regulatory Compliance | d91558ce-5a5c-551b-8fbb-83f793255e09 | Route traffic through authenticated proxy network | CMA_C1633 - Route traffic through authenticated proxy network | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 d91558ce-5a5c-551b-8fbb-83f793255e09 |
|
| Regulatory Compliance | 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 | Require developers to describe accurate security functionality | CMA_C1613 - Require developers to describe accurate security functionality | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 |
|
| Regulatory Compliance | f131c8c5-a54a-4888-1efc-158928924bc1 | Require developers to build security architecture | CMA_C1612 - Require developers to build security architecture | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 f131c8c5-a54a-4888-1efc-158928924bc1 |
|
| Regulatory Compliance | e29a8f1b-149b-2fa3-969d-ebee1baa9472 | Assign an authorizing official (AO) | CMA_C1158 - Assign an authorizing official (AO) | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 e29a8f1b-149b-2fa3-969d-ebee1baa9472 |
|
| Regulatory Compliance | 92a7591f-73b3-1173-a09c-a08882d84c70 | Identify actions allowed without authentication | CMA_0295 - Identify actions allowed without authentication | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 92a7591f-73b3-1173-a09c-a08882d84c70 |
|
| Regulatory Compliance | 68d2e478-3b19-23eb-1357-31b296547457 | Enforce software execution privileges | CMA_C1041 - Enforce software execution privileges | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 68d2e478-3b19-23eb-1357-31b296547457 |
|
| Regulatory Compliance | c981fa70-2e58-8141-1457-e7f62ebc2ade | Document organizational access agreements | CMA_0192 - Document organizational access agreements | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 c981fa70-2e58-8141-1457-e7f62ebc2ade |
|
| App Service | fd34e936-069e-4fe5-bac6-f7c9824caab6 | App Service app slots should use an Azure file share for its content directory | The content directory of an app should be located on an Azure file share. The storage account information for the file share must be provided before any publishing activity. To learn more about using Azure Files for hosting app service content refer to https://go.microsoft.com/fwlink/?linkid=2151594. | Default Audit Allowed Audit, Disabled |
add | 2022-09-19 17:41:40 fd34e936-069e-4fe5-bac6-f7c9824caab6 |
|
| App Service | e1a09430-221d-4d4c-a337-1edb5a1fa9bb | Function app slots should require FTPS only | Enable FTPS enforcement for enhanced security. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-19 17:41:40 e1a09430-221d-4d4c-a337-1edb5a1fa9bb |
|
| Regulatory Compliance | 00f12b6f-10d7-8117-9577-0f2b76488385 | Integrate risk management process into SDLC | CMA_C1567 - Integrate risk management process into SDLC | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 00f12b6f-10d7-8117-9577-0f2b76488385 |
|
| Regulatory Compliance | 085467a6-9679-5c65-584a-f55acefd0d43 | Require developers to implement only approved changes | CMA_C1596 - Require developers to implement only approved changes | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 085467a6-9679-5c65-584a-f55acefd0d43 |
|
| Regulatory Compliance | 178c8b7e-1b6e-4289-44dd-2f1526b678a1 | Ensure alternate storage site safeguards are equivalent to primary site | CMA_C1268 - Ensure alternate storage site safeguards are equivalent to primary site | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 178c8b7e-1b6e-4289-44dd-2f1526b678a1 |
|
| Regulatory Compliance | 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 | Notify personnel of any failed security verification tests | CMA_C1710 - Notify personnel of any failed security verification tests | Default Manual Allowed Manual, Disabled |
add | 2022-09-19 17:41:40 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 |
|
| Kubernetes | f4a8fce0-2dd5-4c21-9a36-8f0ec809d663 | Kubernetes cluster pod FlexVolume volumes should only use allowed drivers | Pod FlexVolume volumes should only use allowed drivers in a Kubernetes cluster. This recommendation is part of Pod Security Policies which are intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | Default Audit Allowed audit, Audit, deny, Deny, disabled, Disabled |
change | 2022-09-19 17:41:40 Major (4.0.0 > 5.0.0) |
|
| Regulatory Compliance | 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 | Initiate contingency plan testing corrective actions | CMA_C1263 - Initiate contingency plan testing corrective actions | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 |
|
| Regulatory Compliance | 44f8a42d-739f-8030-89a8-4c2d5b3f6af3 | Provide audit review, analysis, and reporting capability | CMA_C1124 - Provide audit review, analysis, and reporting capability | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 44f8a42d-739f-8030-89a8-4c2d5b3f6af3 |
|
| Regulatory Compliance | 13ef3484-3a51-785a-9c96-500f21f84edd | Information flow control using security policy filters | CMA_C1029 - Information flow control using security policy filters | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 13ef3484-3a51-785a-9c96-500f21f84edd |
|
| Regulatory Compliance | c148208b-1a6f-a4ac-7abc-23b1d41121b1 | Document the information system environment in acquisition contracts | CMA_0205 - Document the information system environment in acquisition contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c148208b-1a6f-a4ac-7abc-23b1d41121b1 |
|
| Regulatory Compliance | d6653f89-7cb5-24a4-9d71-51581038231b | Reauthenticate or terminate a user session | CMA_0421 - Reauthenticate or terminate a user session | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d6653f89-7cb5-24a4-9d71-51581038231b |
|
| Regulatory Compliance | c7d57a6a-7cc2-66c0-299f-83bf90558f5d | Enforce random unique session identifiers | CMA_0247 - Enforce random unique session identifiers | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c7d57a6a-7cc2-66c0-299f-83bf90558f5d |
|
| Regulatory Compliance | 27ab3ac0-910d-724d-0afa-1a2a01e996c0 | Respond to rectification requests | CMA_0442 - Respond to rectification requests | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 27ab3ac0-910d-724d-0afa-1a2a01e996c0 |
|
| Regulatory Compliance | e6f7b584-877a-0d69-77d4-ab8b923a9650 | Document separation of duties | CMA_0204 - Document separation of duties | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 e6f7b584-877a-0d69-77d4-ab8b923a9650 |
|
| Regulatory Compliance | 97cfd944-6f0c-7db2-3796-8e890ef70819 | Establish conditions for role membership | CMA_0269 - Establish conditions for role membership | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 97cfd944-6f0c-7db2-3796-8e890ef70819 |
|
| Regulatory Compliance | 34738025-5925-51f9-1081-f2d0060133ed | Information security and personal data protection | CMA_0332 - Information security and personal data protection | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 34738025-5925-51f9-1081-f2d0060133ed |
|
| Regulatory Compliance | 9e3c505e-7aeb-2096-3417-b132242731fc | Review content prior to posting publicly accessible information | CMA_C1085 - Review content prior to posting publicly accessible information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9e3c505e-7aeb-2096-3417-b132242731fc |
|
| Regulatory Compliance | f741c4e6-41eb-15a4-25a2-61ac7ca232f0 | Integrate audit review, analysis, and reporting | CMA_0339 - Integrate audit review, analysis, and reporting | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f741c4e6-41eb-15a4-25a2-61ac7ca232f0 |
|
| Regulatory Compliance | c79d378a-2521-822a-0407-57454f8d2c74 | Notify upon termination or transfer | CMA_0381 - Notify upon termination or transfer | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c79d378a-2521-822a-0407-57454f8d2c74 |
|
| Regulatory Compliance | 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 | Prevent split tunneling for remote devices | CMA_C1632 - Prevent split tunneling for remote devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 |
|
| Regulatory Compliance | 2927e340-60e4-43ad-6b5f-7a1468232cc2 | Configure detection whitelist | CMA_0068 - Configure detection whitelist | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 2927e340-60e4-43ad-6b5f-7a1468232cc2 |
|
| Regulatory Compliance | 67ada943-8539-083d-35d0-7af648974125 | Determine supplier contract obligations | CMA_0140 - Determine supplier contract obligations | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 67ada943-8539-083d-35d0-7af648974125 |
|
| Regulatory Compliance | 8cd815bf-97e1-5144-0735-11f6ddb50a59 | Enforce and audit access restrictions | CMA_C1203 - Enforce and audit access restrictions | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8cd815bf-97e1-5144-0735-11f6ddb50a59 |
|
| Regulatory Compliance | 9b8b05ec-3d21-215e-5d98-0f7cf0998202 | Provide security awareness training for insider threats | CMA_0417 - Provide security awareness training for insider threats | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9b8b05ec-3d21-215e-5d98-0f7cf0998202 |
|
| Regulatory Compliance | 5023a9e7-8e64-2db6-31dc-7bce27f796af | Provide privacy notice to the public and to individuals | CMA_C1861 - Provide privacy notice to the public and to individuals | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5023a9e7-8e64-2db6-31dc-7bce27f796af |
|
| Regulatory Compliance | 341bc9f1-7489-07d9-4ec6-971573e1546a | Define access authorizations to support separation of duties | CMA_0116 - Define access authorizations to support separation of duties | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 341bc9f1-7489-07d9-4ec6-971573e1546a |
|
| Regulatory Compliance | 84245967-7882-54f6-2d34-85059f725b47 | Establish an information security program | CMA_0263 - Establish an information security program | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 84245967-7882-54f6-2d34-85059f725b47 |
|
| Regulatory Compliance | c423e64d-995c-9f67-0403-b540f65ba42a | Assess Security Controls | CMA_C1145 - Assess Security Controls | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c423e64d-995c-9f67-0403-b540f65ba42a |
|
| Regulatory Compliance | b2ea1058-8998-3dd1-84f1-82132ad482fd | Develop and establish a system security plan | CMA_0151 - Develop and establish a system security plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b2ea1058-8998-3dd1-84f1-82132ad482fd |
|
| Regulatory Compliance | 3ae68d9a-5696-8c32-62d3-c6f9c52e437c | Refresh authenticators | CMA_0425 - Refresh authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 3ae68d9a-5696-8c32-62d3-c6f9c52e437c |
|
| Regulatory Compliance | 7ad83b58-2042-085d-08f0-13e946f26f89 | Update rules of behavior and access agreements every 3 years | CMA_0522 - Update rules of behavior and access agreements every 3 years | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 7ad83b58-2042-085d-08f0-13e946f26f89 |
|
| Regulatory Compliance | 1ee4c7eb-480a-0007-77ff-4ba370776266 | Use system clocks for audit records | CMA_0535 - Use system clocks for audit records | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1ee4c7eb-480a-0007-77ff-4ba370776266 |
|
| Monitoring | 58e891b9-ce13-4ac3-86e4-ac3e1f20cb07 | Configure Linux Virtual Machines to be associated with a Data Collection Rule | Deploy Association to link Linux virtual machines to the specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-13 16:35:29 Major (2.0.0 > 3.0.0) |
| Regulatory Compliance | 26d178a4-9261-6f04-a100-47ed85314c6e | Implement security directives | CMA_C1706 - Implement security directives | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 26d178a4-9261-6f04-a100-47ed85314c6e |
|
| Monitoring | 59c3d93f-900b-4827-a8bd-562e7b956e7c | Configure Linux virtual machine scale sets to run Azure Monitor Agent with user-assigned managed identity-based authentication | Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-13 16:35:29 Major (2.1.0 > 3.0.0) |
| Regulatory Compliance | 979ed3b6-83f9-26bc-4b86-5b05464700bf | Modify access authorizations upon personnel transfer | CMA_0374 - Modify access authorizations upon personnel transfer | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 979ed3b6-83f9-26bc-4b86-5b05464700bf |
|
| Regulatory Compliance | 6610f662-37e9-2f71-65be-502bdc2f554d | Update rules of behavior and access agreements | CMA_0521 - Update rules of behavior and access agreements | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6610f662-37e9-2f71-65be-502bdc2f554d |
|
| Regulatory Compliance | a930f477-9dcb-2113-8aa7-45bb6fc90861 | Review and update the events defined in AU-02 | CMA_C1106 - Review and update the events defined in AU-02 | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 a930f477-9dcb-2113-8aa7-45bb6fc90861 |
|
| Regulatory Compliance | 4aacaec9-0628-272c-3e83-0d68446694e0 | Manage Authenticators | CMA_C1321 - Manage Authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 4aacaec9-0628-272c-3e83-0d68446694e0 |
|
| Regulatory Compliance | 92ede480-154e-0e22-4dca-8b46a74a3a51 | Maintain records of processing of personal data | CMA_0353 - Maintain records of processing of personal data | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 92ede480-154e-0e22-4dca-8b46a74a3a51 |
|
| Regulatory Compliance | 2b2f3a72-9e68-3993-2b69-13dcdecf8958 | Define requirements for supplying goods and services | CMA_0126 - Define requirements for supplying goods and services | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 2b2f3a72-9e68-3993-2b69-13dcdecf8958 |
|
| Regulatory Compliance | b6ad009f-5c24-1dc0-a25e-74b60e4da45f | Control maintenance and repair activities | CMA_0080 - Control maintenance and repair activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b6ad009f-5c24-1dc0-a25e-74b60e4da45f |
|
| Regulatory Compliance | 37546841-8ea1-5be0-214d-8ac599588332 | Maintain incident response plan | CMA_0352 - Maintain incident response plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 37546841-8ea1-5be0-214d-8ac599588332 |
|
| Regulatory Compliance | 77acc53d-0f67-6e06-7d04-5750653d4629 | Document the protection of cardholder data in third party contracts | CMA_0207 - Document the protection of cardholder data in third party contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 77acc53d-0f67-6e06-7d04-5750653d4629 |
|
| Regulatory Compliance | e4e1f896-8a93-1151-43c7-0ad23b081ee2 | Authorize, monitor, and control voip | CMA_0025 - Authorize, monitor, and control voip | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 e4e1f896-8a93-1151-43c7-0ad23b081ee2 |
|
| Regulatory Compliance | 7d10debd-4775-85a7-1a41-7e128e0e8c50 | Automate process to prohibit implementation of unapproved changes | CMA_C1194 - Automate process to prohibit implementation of unapproved changes | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 7d10debd-4775-85a7-1a41-7e128e0e8c50 |
|
| Regulatory Compliance | 8b1da407-5e60-5037-612e-2caa1b590719 | Record disclosures of PII to third parties | CMA_0422 - Record disclosures of PII to third parties | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8b1da407-5e60-5037-612e-2caa1b590719 |
|
| Regulatory Compliance | 3881168c-5d38-6f04-61cc-b5d87b2c4c58 | Establish third-party personnel security requirements | CMA_C1529 - Establish third-party personnel security requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 3881168c-5d38-6f04-61cc-b5d87b2c4c58 |
|
| Regulatory Compliance | 4ee5975d-2507-5530-a20a-83a725889c6f | Restrict unauthorized software and firmware installation | CMA_C1205 - Restrict unauthorized software and firmware installation | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 4ee5975d-2507-5530-a20a-83a725889c6f |
|
| Regulatory Compliance | 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 | Identify classes of Incidents and Actions taken | CMA_C1365 - Identify classes of Incidents and Actions taken | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 |
|
| Regulatory Compliance | 58a51cde-008b-1a5d-61b5-d95849770677 | Test the business continuity and disaster recovery plan | CMA_0509 - Test the business continuity and disaster recovery plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 58a51cde-008b-1a5d-61b5-d95849770677 |
|
| Regulatory Compliance | 5c33538e-02f8-0a7f-998b-a4c1e22076d3 | Govern compliance of cloud service providers | CMA_0290 - Govern compliance of cloud service providers | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5c33538e-02f8-0a7f-998b-a4c1e22076d3 |
|
| Regulatory Compliance | b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d | Manage maintenance personnel | CMA_C1421 - Manage maintenance personnel | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d |
|
| Regulatory Compliance | 043c1e56-5a16-52f8-6af8-583098ff3e60 | Create a data inventory | CMA_0096 - Create a data inventory | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 043c1e56-5a16-52f8-6af8-583098ff3e60 |
|
| Regulatory Compliance | 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 | Document requirements for the use of shared data in contracts | CMA_0197 - Document requirements for the use of shared data in contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 |
|
| Regulatory Compliance | f29b17a4-0df2-8a50-058a-8570f9979d28 | Assign system identifiers | CMA_0018 - Assign system identifiers | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f29b17a4-0df2-8a50-058a-8570f9979d28 |
|
| Regulatory Compliance | af5ff768-a34b-720e-1224-e6b3214f3ba6 | Establish an alternate processing site | CMA_0262 - Establish an alternate processing site | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 af5ff768-a34b-720e-1224-e6b3214f3ba6 |
|
| Regulatory Compliance | 433de59e-7a53-a766-02c2-f80f8421469a | Implement incident handling | CMA_0318 - Implement incident handling | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 433de59e-7a53-a766-02c2-f80f8421469a |
|
| Regulatory Compliance | 1ff03f2a-974b-3272-34f2-f6cd51420b30 | Obscure feedback information during authentication process | CMA_C1344 - Obscure feedback information during authentication process | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1ff03f2a-974b-3272-34f2-f6cd51420b30 |
|
| Regulatory Compliance | 11ba0508-58a8-44de-5f3a-9e05d80571da | Develop business classification schemes | CMA_0155 - Develop business classification schemes | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 11ba0508-58a8-44de-5f3a-9e05d80571da |
|
| Regulatory Compliance | 33602e78-35e3-4f06-17fb-13dd887448e4 | Conduct capacity planning | CMA_C1252 - Conduct capacity planning | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 33602e78-35e3-4f06-17fb-13dd887448e4 |
|
| Regulatory Compliance | c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 | Verify personal data is deleted at the end of processing | CMA_0540 - Verify personal data is deleted at the end of processing | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 |
|
| Regulatory Compliance | 72889284-15d2-90b2-4b39-a1e9541e1152 | Verify identity before distributing authenticators | CMA_0538 - Verify identity before distributing authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 72889284-15d2-90b2-4b39-a1e9541e1152 |
|
| Regulatory Compliance | 1fb1cb0e-1936-6f32-42fd-89970b535855 | Manage nonlocal maintenance and diagnostic activities | CMA_0364 - Manage nonlocal maintenance and diagnostic activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1fb1cb0e-1936-6f32-42fd-89970b535855 |
|
| Regulatory Compliance | 1282809c-9001-176b-4a81-260a085f4872 | Perform audit for configuration change control | CMA_0390 - Perform audit for configuration change control | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1282809c-9001-176b-4a81-260a085f4872 |
|
| Regulatory Compliance | b5244f81-6cab-3188-2412-179162294996 | Review publicly accessible content for nonpublic information | CMA_C1086 - Review publicly accessible content for nonpublic information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b5244f81-6cab-3188-2412-179162294996 |
|
| Regulatory Compliance | bab9ef1d-a16d-421a-822d-3fa94e808156 | Route traffic through managed network access points | CMA_0484 - Route traffic through managed network access points | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 bab9ef1d-a16d-421a-822d-3fa94e808156 |
|
| Regulatory Compliance | f9ec3263-9562-1768-65a1-729793635a8d | Document protection of personal data in acquisition contracts | CMA_0194 - Document protection of personal data in acquisition contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f9ec3263-9562-1768-65a1-729793635a8d |
|
| Regulatory Compliance | d02498e0-8a6f-6b02-8332-19adf6711d1e | Develop organization code of conduct policy | CMA_0159 - Develop organization code of conduct policy | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d02498e0-8a6f-6b02-8332-19adf6711d1e |
|
| Regulatory Compliance | ee67c031-57fc-53d0-0cca-96c4c04345e8 | Document and distribute a privacy policy | CMA_0188 - Document and distribute a privacy policy | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 ee67c031-57fc-53d0-0cca-96c4c04345e8 |
|
| Regulatory Compliance | 35de8462-03ff-45b3-5746-9d4603c74c56 | Implement an insider threat program | CMA_C1751 - Implement an insider threat program | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 35de8462-03ff-45b3-5746-9d4603c74c56 |
|
| Regulatory Compliance | 8019d788-713d-90a1-5570-dac5052f517d | Train staff on PII sharing and its consequences | CMA_C1871 - Train staff on PII sharing and its consequences | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8019d788-713d-90a1-5570-dac5052f517d |
|
| Regulatory Compliance | f33c3238-11d2-508c-877c-4262ec1132e1 | Recover and reconstitute resources after any disruption | CMA_C1295 - Recover and reconstitute resources after any disruption | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f33c3238-11d2-508c-877c-4262ec1132e1 |
|
| Regulatory Compliance | 0f4fa857-079d-9d3d-5c49-21f616189e03 | Provide real-time alerts for audit event failures | CMA_C1114 - Provide real-time alerts for audit event failures | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0f4fa857-079d-9d3d-5c49-21f616189e03 |
|
| Regulatory Compliance | d36700f2-2f0d-7c2a-059c-bdadd1d79f70 | Establish a risk management strategy | CMA_0258 - Establish a risk management strategy | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d36700f2-2f0d-7c2a-059c-bdadd1d79f70 |
|
| Regulatory Compliance | fc26e2fd-3149-74b4-5988-d64bb90f8ef7 | Separately store backup information | CMA_C1293 - Separately store backup information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 fc26e2fd-3149-74b4-5988-d64bb90f8ef7 |
|
| Regulatory Compliance | 6abdf7c7-362b-3f35-099e-533ed50988f9 | Assign information security representative to change control | CMA_C1198 - Assign information security representative to change control | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6abdf7c7-362b-3f35-099e-533ed50988f9 |
|
| Regulatory Compliance | 5d3abfea-a130-1208-29c0-e57de80aa6b0 | Review the results of contingency plan testing | CMA_C1262 - Review the results of contingency plan testing | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5d3abfea-a130-1208-29c0-e57de80aa6b0 |
|
| Regulatory Compliance | 9150259b-617b-596d-3bf5-5ca3fce20335 | Establish policies for supply chain risk management | CMA_0275 - Establish policies for supply chain risk management | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9150259b-617b-596d-3bf5-5ca3fce20335 |
|
| Regulatory Compliance | ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba | Review file and folder activity | CMA_0473 - Review file and folder activity | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba |
|
| Regulatory Compliance | b4409bff-2287-8407-05fd-c73175a68302 | Enforce a limit of consecutive failed login attempts | CMA_C1044 - Enforce a limit of consecutive failed login attempts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b4409bff-2287-8407-05fd-c73175a68302 |
|
| Regulatory Compliance | ad1d562b-a04b-15d3-6770-ed310b601cb5 | Publish rules and regulations accessing Privacy Act records | CMA_C1847 - Publish rules and regulations accessing Privacy Act records | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 ad1d562b-a04b-15d3-6770-ed310b601cb5 |
|
| Regulatory Compliance | f78fc35e-1268-0bca-a798-afcba9d2330a | Select additional testing for security control assessments | CMA_C1149 - Select additional testing for security control assessments | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f78fc35e-1268-0bca-a798-afcba9d2330a |
|
| Regulatory Compliance | 203101f5-99a3-1491-1b56-acccd9b66a9e | Conduct a security impact analysis | CMA_0057 - Conduct a security impact analysis | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 203101f5-99a3-1491-1b56-acccd9b66a9e |
|
| Regulatory Compliance | d4f70530-19a2-2a85-6e0c-0c3c465e3325 | Make accounting of disclosures available upon request | CMA_C1820 - Make accounting of disclosures available upon request | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d4f70530-19a2-2a85-6e0c-0c3c465e3325 |
|
| Regulatory Compliance | 01ae60e2-38bb-0a32-7b20-d3a091423409 | Implement system boundary protection | CMA_0328 - Implement system boundary protection | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 01ae60e2-38bb-0a32-7b20-d3a091423409 |
|
| Monitoring | 32ade945-311e-4249-b8a4-a549924234d7 | Linux virtual machine scale sets should have Azure Monitor Agent installed | Linux virtual machine scale sets should be monitored and secured through the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy will audit virtual machine scale sets with supported OS images in supported regions. Learn more: https://aka.ms/AMAOverview. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-13 16:35:29 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | b28c8687-4bbd-8614-0b96-cdffa1ac6d9c | Review and update incident response policies and procedures | CMA_C1352 - Review and update incident response policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b28c8687-4bbd-8614-0b96-cdffa1ac6d9c |
|
| Regulatory Compliance | ba78efc6-795c-64f4-7a02-91effbd34af9 | Execute actions in response to information spills | CMA_0281 - Execute actions in response to information spills | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 ba78efc6-795c-64f4-7a02-91effbd34af9 |
|
| Regulatory Compliance | d8bbd80e-3bb1-5983-06c2-428526ec6a63 | Establish a password policy | CMA_0256 - Establish a password policy | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d8bbd80e-3bb1-5983-06c2-428526ec6a63 |
|
| Regulatory Compliance | c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 | Appoint a senior information security officer | CMA_C1733 - Appoint a senior information security officer | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 |
|
| Regulatory Compliance | 42116f15-5665-a52a-87bb-b40e64c74b6c | Develop acceptable use policies and procedures | CMA_0143 - Develop acceptable use policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 42116f15-5665-a52a-87bb-b40e64c74b6c |
|
| Regulatory Compliance | 57927290-8000-59bf-3776-90c468ac5b4b | Document security functional requirements in acquisition contracts | CMA_0201 - Document security functional requirements in acquisition contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 57927290-8000-59bf-3776-90c468ac5b4b |
|
| Regulatory Compliance | b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 | Use dedicated machines for administrative tasks | CMA_0527 - Use dedicated machines for administrative tasks | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 |
|
| Regulatory Compliance | 06f84330-4c27-21f7-72cd-7488afd50244 | Implement privacy notice delivery methods | CMA_0324 - Implement privacy notice delivery methods | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 06f84330-4c27-21f7-72cd-7488afd50244 |
|
| Regulatory Compliance | 29363ae1-68cd-01ca-799d-92c9197c8404 | Manage authenticator lifetime and reuse | CMA_0355 - Manage authenticator lifetime and reuse | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 29363ae1-68cd-01ca-799d-92c9197c8404 |
|
| Regulatory Compliance | 678ca228-042d-6d8e-a598-c58d5670437d | Prohibit remote activation of collaborative computing devices | CMA_C1648 - Prohibit remote activation of collaborative computing devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 678ca228-042d-6d8e-a598-c58d5670437d |
|
| Regulatory Compliance | 8eea8c14-4d93-63a3-0c82-000343ee5204 | Conduct a full text analysis of logged privileged commands | CMA_0056 - Conduct a full text analysis of logged privileged commands | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8eea8c14-4d93-63a3-0c82-000343ee5204 |
|
| Regulatory Compliance | 54a9c072-4a93-2a03-6a43-a060d30383d7 | Eradicate contaminated information | CMA_0253 - Eradicate contaminated information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 54a9c072-4a93-2a03-6a43-a060d30383d7 |
|
| Regulatory Compliance | b4512986-80f5-1656-0c58-08866bd2673a | Designate authorized personnel to post publicly accessible information | CMA_C1083 - Designate authorized personnel to post publicly accessible information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b4512986-80f5-1656-0c58-08866bd2673a |
|
| Regulatory Compliance | b3c8cc83-20d3-3890-8bc8-5568777670f4 | Establish requirements for audit review and reporting | CMA_0277 - Establish requirements for audit review and reporting | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b3c8cc83-20d3-3890-8bc8-5568777670f4 |
|
| Regulatory Compliance | 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 | Provide periodic role-based security training | CMA_C1095 - Provide periodic role-based security training | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 |
|
| Regulatory Compliance | 5c40f27b-6791-18c5-3f85-7b863bd99c11 | Automate proposed documented changes | CMA_C1191 - Automate proposed documented changes | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5c40f27b-6791-18c5-3f85-7b863bd99c11 |
|
| Regulatory Compliance | 1afada58-8b34-7ac2-a38a-983218635201 | Define acceptable and unacceptable mobile code technologies | CMA_C1651 - Define acceptable and unacceptable mobile code technologies | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1afada58-8b34-7ac2-a38a-983218635201 |
|
| Regulatory Compliance | d041726f-00e0-41ca-368c-b1a122066482 | Provide role-based practical exercises | CMA_C1096 - Provide role-based practical exercises | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d041726f-00e0-41ca-368c-b1a122066482 |
|
| Regulatory Compliance | 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b | Prohibit unfair practices | CMA_0396 - Prohibit unfair practices | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b |
|
| Regulatory Compliance | fd81a1b3-2d7a-107c-507e-29b87d040c19 | Enforce appropriate usage of all accounts | CMA_C1023 - Enforce appropriate usage of all accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 fd81a1b3-2d7a-107c-507e-29b87d040c19 |
|
| Regulatory Compliance | 52375c01-4d4c-7acc-3aa4-5b3d53a047ec | Define the duties of processors | CMA_0127 - Define the duties of processors | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 52375c01-4d4c-7acc-3aa4-5b3d53a047ec |
|
| Regulatory Compliance | 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 | Implement physical security for offices, working areas, and secure areas | CMA_0323 - Implement physical security for offices, working areas, and secure areas | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 |
|
| Regulatory Compliance | 18e7906d-4197-20fa-2f14-aaac21864e71 | Document process to ensure integrity of PII | CMA_C1827 - Document process to ensure integrity of PII | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 18e7906d-4197-20fa-2f14-aaac21864e71 |
|
| Regulatory Compliance | 8aec4343-9153-9641-172c-defb201f56b3 | Review cloud identity report overview | CMA_0468 - Review cloud identity report overview | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8aec4343-9153-9641-172c-defb201f56b3 |
|
| Regulatory Compliance | f8d141b7-4e21-62a6-6608-c79336e36bc9 | Establish privacy requirements for contractors and service providers | CMA_C1810 - Establish privacy requirements for contractors and service providers | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f8d141b7-4e21-62a6-6608-c79336e36bc9 |
|
| Regulatory Compliance | 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 | Assess risk in third party relationships | CMA_0014 - Assess risk in third party relationships | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 |
|
| Regulatory Compliance | 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 | Keep accurate accounting of disclosures of information | CMA_C1818 - Keep accurate accounting of disclosures of information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 |
|
| Regulatory Compliance | 4c6df5ff-4ef2-4f17-a516-0da9189c603b | Assign account managers | CMA_0015 - Assign account managers | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 4c6df5ff-4ef2-4f17-a516-0da9189c603b |
|
| Regulatory Compliance | 214ea241-010d-8926-44cc-b90a96d52adc | Compile Audit records into system wide audit | CMA_C1140 - Compile Audit records into system wide audit | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 214ea241-010d-8926-44cc-b90a96d52adc |
|
| Regulatory Compliance | 7d70383a-32f4-a0c2-61cf-a134851968c2 | Determine legal authority to collect PII | CMA_C1800 - Determine legal authority to collect PII | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 7d70383a-32f4-a0c2-61cf-a134851968c2 |
|
| Regulatory Compliance | 3c93dba1-84fd-57de-33c7-ef0400a08134 | Establish terms and conditions for accessing resources | CMA_C1076 - Establish terms and conditions for accessing resources | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 3c93dba1-84fd-57de-33c7-ef0400a08134 |
|
| Regulatory Compliance | eab4450d-9e5c-4f38-0656-2ff8c78c83f3 | Document and implement privacy complaint procedures | CMA_0189 - Document and implement privacy complaint procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 eab4450d-9e5c-4f38-0656-2ff8c78c83f3 |
|
| Synapse | 1e5ed725-f16c-478b-bd4b-7bfa2f7940b9 | Configure Azure Synapse workspaces to use private DNS zones | Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to Azure Synapse workspace. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-from-restricted-network#appendix-dns-registration-for-private-endpoint. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Network Contributor |
change | 2022-09-13 16:35:29 Major (1.0.0 > 2.0.0) |
| Regulatory Compliance | 35963d41-4263-0ef9-98d5-70eb058f9e3c | Establish procedures for initial authenticator distribution | CMA_0276 - Establish procedures for initial authenticator distribution | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 35963d41-4263-0ef9-98d5-70eb058f9e3c |
|
| Regulatory Compliance | c72fc0c8-2df8-7506-30be-6ba1971747e1 | Automate implementation of approved change notifications | CMA_C1196 - Automate implementation of approved change notifications | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c72fc0c8-2df8-7506-30be-6ba1971747e1 |
|
| Regulatory Compliance | 97f0d974-1486-01e2-2088-b888f46c0589 | Train personnel on disclosure of nonpublic information | CMA_C1084 - Train personnel on disclosure of nonpublic information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 97f0d974-1486-01e2-2088-b888f46c0589 |
|
| Regulatory Compliance | 6ab47bbf-867e-9113-7998-89b58f77326a | Respond to complaints, concerns, or questions timely | CMA_C1853 - Respond to complaints, concerns, or questions timely | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6ab47bbf-867e-9113-7998-89b58f77326a |
|
| Regulatory Compliance | 8bb40df9-23e4-4175-5db3-8dba86349b73 | Confirm quality and integrity of PII | CMA_C1821 - Confirm quality and integrity of PII | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8bb40df9-23e4-4175-5db3-8dba86349b73 |
|
| Regulatory Compliance | 27965e62-141f-8cca-426f-d09514ee5216 | Establish and maintain an asset inventory | CMA_0266 - Establish and maintain an asset inventory | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 27965e62-141f-8cca-426f-d09514ee5216 |
|
| Regulatory Compliance | e8c31e15-642d-600f-78ab-bad47a5787e6 | Require third-party providers to comply with personnel security policies and procedures | CMA_C1530 - Require third-party providers to comply with personnel security policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 e8c31e15-642d-600f-78ab-bad47a5787e6 |
|
| Regulatory Compliance | 92b49e92-570f-1765-804a-378e6c592e28 | Automate process to highlight unreviewed change proposals | CMA_C1193 - Automate process to highlight unreviewed change proposals | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 92b49e92-570f-1765-804a-378e6c592e28 |
|
| Monitoring | ae8a10e6-19d6-44a3-a02d-a2bdfc707742 | Configure Linux virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication | Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-13 16:35:29 Major (2.1.0 > 3.0.0) |
| Regulatory Compliance | 271a3e58-1b38-933d-74c9-a580006b80aa | Document personnel acceptance of privacy requirements | CMA_0193 - Document personnel acceptance of privacy requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 271a3e58-1b38-933d-74c9-a580006b80aa |
|
| Monitoring | 1afdc4b6-581a-45fb-b630-f1e6051e3e7a | Linux virtual machines should have Azure Monitor Agent installed | Linux virtual machines should be monitored and secured through the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy will audit virtual machines with supported OS images in supported regions. Learn more: https://aka.ms/AMAOverview. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
change | 2022-09-13 16:35:29 Major (2.0.0 > 3.0.0) |
|
| Regulatory Compliance | 5226dee6-3420-711b-4709-8e675ebd828f | Update information security policies | CMA_0518 - Update information security policies | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5226dee6-3420-711b-4709-8e675ebd828f |
|
| Regulatory Compliance | 964b340a-43a4-4798-2af5-7aedf6cb001b | Collect PII directly from the individual | CMA_C1822 - Collect PII directly from the individual | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 964b340a-43a4-4798-2af5-7aedf6cb001b |
|
| Regulatory Compliance | ebb0ba89-6d8c-84a7-252b-7393881e43de | Document security strength requirements in acquisition contracts | CMA_0203 - Document security strength requirements in acquisition contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 ebb0ba89-6d8c-84a7-252b-7393881e43de |
|
| Regulatory Compliance | 70a7a065-a060-85f8-7863-eb7850ed2af9 | Produce Security Assessment report | CMA_C1146 - Produce Security Assessment report | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 70a7a065-a060-85f8-7863-eb7850ed2af9 |
|
| Regulatory Compliance | 8a703eb5-4e53-701b-67e4-05ba2f7930c8 | Separate user and information system management functionality | CMA_0493 - Separate user and information system management functionality | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8a703eb5-4e53-701b-67e4-05ba2f7930c8 |
|
| Regulatory Compliance | 01c387ea-383d-4ca9-295a-977fab516b03 | Authorize remote access to privileged commands | CMA_C1064 - Authorize remote access to privileged commands | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 01c387ea-383d-4ca9-295a-977fab516b03 |
|
| Regulatory Compliance | 39eb03c1-97cc-11ab-0960-6209ed2869f7 | Establish a privacy program | CMA_0257 - Establish a privacy program | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 39eb03c1-97cc-11ab-0960-6209ed2869f7 |
|
| Regulatory Compliance | 3545c827-26ee-282d-4629-23952a12008b | Conduct incident response testing | CMA_0060 - Conduct incident response testing | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 3545c827-26ee-282d-4629-23952a12008b |
|
| Regulatory Compliance | 8c255136-994b-9616-79f5-ae87810e0dcf | Enable network protection | CMA_0238 - Enable network protection | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8c255136-994b-9616-79f5-ae87810e0dcf |
|
| Regulatory Compliance | d4e6a629-28eb-79a9-000b-88030e4823ca | Coordinate with external organizations to achieve cross org perspective | CMA_C1368 - Coordinate with external organizations to achieve cross org perspective | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d4e6a629-28eb-79a9-000b-88030e4823ca |
|
| Regulatory Compliance | 6f3866e8-6e12-69cf-788c-809d426094a1 | Establish electronic signature and certificate requirements | CMA_0271 - Establish electronic signature and certificate requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6f3866e8-6e12-69cf-788c-809d426094a1 |
|
| Regulatory Compliance | fe2dff43-0a8c-95df-0432-cb1c794b17d0 | Notify users of system logon or access | CMA_0382 - Notify users of system logon or access | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 fe2dff43-0a8c-95df-0432-cb1c794b17d0 |
|
| Regulatory Compliance | 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 | Define mobile device requirements | CMA_0122 - Define mobile device requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 |
|
| Regulatory Compliance | c42f19c9-5d88-92da-0742-371a0ea03126 | Clear personnel with access to classified information | CMA_0054 - Clear personnel with access to classified information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c42f19c9-5d88-92da-0742-371a0ea03126 |
|
| Regulatory Compliance | 85335602-93f5-7730-830b-d43426fd51fa | Integrate Audit record analysis | CMA_C1120 - Integrate Audit record analysis | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 85335602-93f5-7730-830b-d43426fd51fa |
|
| Regulatory Compliance | 4ce91e4e-6dab-3c46-011a-aa14ae1561bf | Maintain list of authorized remote maintenance personnel | CMA_C1420 - Maintain list of authorized remote maintenance personnel | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 4ce91e4e-6dab-3c46-011a-aa14ae1561bf |
|
| Regulatory Compliance | 34aac8b2-488a-2b96-7280-5b9b481a317a | Incorporate flaw remediation into configuration management | CMA_C1671 - Incorporate flaw remediation into configuration management | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 34aac8b2-488a-2b96-7280-5b9b481a317a |
|
| Regulatory Compliance | 575ed5e8-4c29-99d0-0e4d-689fb1d29827 | Automate approval request for proposed changes | CMA_C1192 - Automate approval request for proposed changes | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 575ed5e8-4c29-99d0-0e4d-689fb1d29827 |
|
| Regulatory Compliance | c2eabc28-1e5c-78a2-a712-7cc176c44c07 | Implement a penetration testing methodology | CMA_0306 - Implement a penetration testing methodology | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c2eabc28-1e5c-78a2-a712-7cc176c44c07 |
|
| Regulatory Compliance | b0e3035d-6366-2e37-796e-8bcab9c649e6 | Establish a threat intelligence program | CMA_0260 - Establish a threat intelligence program | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b0e3035d-6366-2e37-796e-8bcab9c649e6 |
|
| Regulatory Compliance | aa892c0d-2c40-200c-0dd8-eac8c4748ede | Employ automatic emergency lighting | CMA_0209 - Employ automatic emergency lighting | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 aa892c0d-2c40-200c-0dd8-eac8c4748ede |
|
| Regulatory Compliance | 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 | Integrate cloud app security with a siem | CMA_0340 - Integrate cloud app security with a siem | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 |
|
| Regulatory Compliance | 70fe686f-1f91-7dab-11bf-bca4201e183b | Review role group changes weekly | CMA_0476 - Review role group changes weekly | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 70fe686f-1f91-7dab-11bf-bca4201e183b |
|
| Regulatory Compliance | 496b407d-9b9e-81e8-4ba4-44bc686b016a | Conduct exit interview upon termination | CMA_0058 - Conduct exit interview upon termination | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 496b407d-9b9e-81e8-4ba4-44bc686b016a |
|
| Regulatory Compliance | 08ad71d0-52be-6503-4908-e015460a16ae | Require use of individual authenticators | CMA_C1305 - Require use of individual authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 08ad71d0-52be-6503-4908-e015460a16ae |
|
| Regulatory Compliance | f2222056-062d-1060-6dc2-0107a68c34b2 | Manage a secure surveillance camera system | CMA_0354 - Manage a secure surveillance camera system | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f2222056-062d-1060-6dc2-0107a68c34b2 |
|
| Regulatory Compliance | 98145a9b-428a-7e81-9d14-ebb154a24f93 | View and investigate restricted users | CMA_0545 - View and investigate restricted users | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 98145a9b-428a-7e81-9d14-ebb154a24f93 |
|
| Regulatory Compliance | 0803eaa7-671c-08a7-52fd-ac419f775e75 | Document acquisition contract acceptance criteria | CMA_0187 - Document acquisition contract acceptance criteria | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0803eaa7-671c-08a7-52fd-ac419f775e75 |
|
| Monitoring | 050a90d5-7cce-483f-8f6c-0df462036dda | Configure Linux Virtual Machine Scale Sets to be associated with a Data Collection Rule | Deploy Association to link Linux virtual machine scale sets to the specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-13 16:35:29 Major (2.0.0 > 3.0.0) |
| Regulatory Compliance | afbecd30-37ee-a27b-8e09-6ac49951a0ee | Establish security requirements for the manufacturing of connected devices | CMA_0279 - Establish security requirements for the manufacturing of connected devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 afbecd30-37ee-a27b-8e09-6ac49951a0ee |
|
| Regulatory Compliance | 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 | Ensure authorized users protect provided authenticators | CMA_C1339 - Ensure authorized users protect provided authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 |
|
| Regulatory Compliance | df2e9507-169b-4114-3a52-877561ee3198 | Implement security engineering principles of information systems | CMA_0325 - Implement security engineering principles of information systems | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 df2e9507-169b-4114-3a52-877561ee3198 |
|
| Regulatory Compliance | d93fe1be-13e4-421d-9c21-3158e2fa2667 | Implement plans of action and milestones for security program process | CMA_C1737 - Implement plans of action and milestones for security program process | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d93fe1be-13e4-421d-9c21-3158e2fa2667 |
|
| Regulatory Compliance | 477bd136-7dd9-55f8-48ac-bae096b86a07 | Develop POA&M | CMA_C1156 - Develop POA&M | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 477bd136-7dd9-55f8-48ac-bae096b86a07 |
|
| Regulatory Compliance | 1e0d5ba8-a433-01aa-829c-86b06c9631ec | Include dynamic reconfig of customer deployed resources | CMA_C1364 - Include dynamic reconfig of customer deployed resources | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1e0d5ba8-a433-01aa-829c-86b06c9631ec |
|
| Regulatory Compliance | 6b957f60-54cd-5752-44d5-ff5a64366c93 | Develop SSP that meets criteria | CMA_C1492 - Develop SSP that meets criteria | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6b957f60-54cd-5752-44d5-ff5a64366c93 |
|
| Regulatory Compliance | b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e | Implement methods for consumer requests | CMA_0319 - Implement methods for consumer requests | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e |
|
| Regulatory Compliance | 37b0045b-3887-367b-8b4d-b9a6fa911bb9 | Assess information security events | CMA_0013 - Assess information security events | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 37b0045b-3887-367b-8b4d-b9a6fa911bb9 |
|
| Regulatory Compliance | 3b30aa25-0f19-6c04-5ca4-bd3f880a763d | Implement parameters for memorized secret verifiers | CMA_0321 - Implement parameters for memorized secret verifiers | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 3b30aa25-0f19-6c04-5ca4-bd3f880a763d |
|
| Regulatory Compliance | aa0ddd99-43eb-302d-3f8f-42b499182960 | Install an alarm system | CMA_0338 - Install an alarm system | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 aa0ddd99-43eb-302d-3f8f-42b499182960 |
|
| Regulatory Compliance | 8b1f29eb-1b22-4217-5337-9207cb55231e | Perform information input validation | CMA_C1723 - Perform information input validation | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8b1f29eb-1b22-4217-5337-9207cb55231e |
|
| Regulatory Compliance | 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 | Undergo independent security review | CMA_0515 - Undergo independent security review | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 |
|
| Regulatory Compliance | c5784049-959f-6067-420c-f4cefae93076 | Coordinate contingency plans with related plans | CMA_0086 - Coordinate contingency plans with related plans | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c5784049-959f-6067-420c-f4cefae93076 |
|
| Regulatory Compliance | 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 | Discover any indicators of compromise | CMA_C1702 - Discover any indicators of compromise | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 |
|
| Regulatory Compliance | 0123edae-3567-a05a-9b05-b53ebe9d3e7e | View and configure system diagnostic data | CMA_0544 - View and configure system diagnostic data | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0123edae-3567-a05a-9b05-b53ebe9d3e7e |
|
| Regulatory Compliance | e0c480bf-0d68-a42d-4cbb-b60f851f8716 | Implement personnel screening | CMA_0322 - Implement personnel screening | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 e0c480bf-0d68-a42d-4cbb-b60f851f8716 |
|
| Monitoring | 17b3de92-f710-4cf4-aa55-0e7859f1ed7b | [Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs | Configure system-assigned managed identity to virtual machines hosted in Azure that are supported by Azure Monitor and do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Azure Monitor assignments and must be added to machines before using any Azure Monitor extension. Target virtual machines must be in a supported location. | Default Modify Allowed Modify, Disabled |
count: 003 •Managed Identity Contributor •Managed Identity Operator •Virtual Machine Contributor |
change | 2022-09-13 16:35:29 Major, suffix remains equal (5.0.0-preview > 6.0.0-preview) |
| Regulatory Compliance | 0461cacd-0b3b-4f66-11c5-81c9b19a3d22 | Verify inaccurate or outdated PII | CMA_C1823 - Verify inaccurate or outdated PII | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0461cacd-0b3b-4f66-11c5-81c9b19a3d22 |
|
| Regulatory Compliance | 4f23967c-a74b-9a09-9dc2-f566f61a87b9 | Establish backup policies and procedures | CMA_0268 - Establish backup policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 4f23967c-a74b-9a09-9dc2-f566f61a87b9 |
|
| Regulatory Compliance | 7bdb79ea-16b8-453e-4ca4-ad5b16012414 | Transfer backup information to an alternate storage site | CMA_C1294 - Transfer backup information to an alternate storage site | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 7bdb79ea-16b8-453e-4ca4-ad5b16012414 |
|
| Regulatory Compliance | a465e8e9-0095-85cb-a05f-1dd4960d02af | Document security documentation requirements in acquisition contract | CMA_0200 - Document security documentation requirements in acquisition contract | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 a465e8e9-0095-85cb-a05f-1dd4960d02af |
|
| Regulatory Compliance | dbcef108-7a04-38f5-8609-99da110a2a57 | Determine information protection needs | CMA_C1750 - Determine information protection needs | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 dbcef108-7a04-38f5-8609-99da110a2a57 |
|
| Regulatory Compliance | 1beb1269-62ee-32cd-21ad-43d6c9750eb6 | Ensure privacy program information is publicly available | CMA_C1867 - Ensure privacy program information is publicly available | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1beb1269-62ee-32cd-21ad-43d6c9750eb6 |
|
| Regulatory Compliance | 423f6d9c-0c73-9cc6-64f4-b52242490368 | Develop security safeguards | CMA_0161 - Develop security safeguards | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 423f6d9c-0c73-9cc6-64f4-b52242490368 |
|
| Regulatory Compliance | 7a489c62-242c-5db9-74df-c073056d6fa3 | Designate personnel to supervise unauthorized maintenance activities | CMA_C1422 - Designate personnel to supervise unauthorized maintenance activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 7a489c62-242c-5db9-74df-c073056d6fa3 |
|
| Regulatory Compliance | 1cb7bf71-841c-4741-438a-67c65fdd7194 | Provide security training for new users | CMA_0419 - Provide security training for new users | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1cb7bf71-841c-4741-438a-67c65fdd7194 |
|
| Regulatory Compliance | 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 | Establish authenticator types and processes | CMA_0267 - Establish authenticator types and processes | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 |
|
| Monitoring | 2ea82cdd-f2e8-4500-af75-67a2e084ca74 | Configure Linux Machines to be associated with a Data Collection Rule | Deploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule. The list of locations and OS images are updated over time as support is increased. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-09-13 16:35:29 Major (4.0.0 > 5.0.0) |
| Regulatory Compliance | 68a39c2b-0f17-69ee-37a3-aa10f9853a08 | Establish voip usage restrictions | CMA_0280 - Establish voip usage restrictions | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 68a39c2b-0f17-69ee-37a3-aa10f9853a08 |
|
| Monitoring | a4034bc6-ae50-406d-bf76-50f4ee5a7811 | Configure Linux virtual machines to run Azure Monitor Agent with system-assigned managed identity-based authentication | Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-13 16:35:29 Major (2.1.0 > 3.0.0) |
| Regulatory Compliance | 2b05dca2-25ec-9335-495c-29155f785082 | Provide security training before providing access | CMA_0418 - Provide security training before providing access | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 2b05dca2-25ec-9335-495c-29155f785082 |
|
| Regulatory Compliance | ffdaa742-0d6f-726f-3eac-6e6c34e36c93 | Establish usage restrictions for mobile code technologies | CMA_C1652 - Establish usage restrictions for mobile code technologies | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 ffdaa742-0d6f-726f-3eac-6e6c34e36c93 |
|
| Regulatory Compliance | 6228396e-2ace-7ca5-3247-45767dbf52f4 | Notify personnel upon sanctions | CMA_0380 - Notify personnel upon sanctions | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6228396e-2ace-7ca5-3247-45767dbf52f4 |
|
| Regulatory Compliance | 5decc032-95bd-2163-9549-a41aba83228e | Implement formal sanctions process | CMA_0317 - Implement formal sanctions process | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5decc032-95bd-2163-9549-a41aba83228e |
|
| Regulatory Compliance | f8ded0c6-a668-9371-6bb6-661d58787198 | Monitor third-party provider compliance | CMA_C1533 - Monitor third-party provider compliance | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f8ded0c6-a668-9371-6bb6-661d58787198 |
|
| Regulatory Compliance | 426c172c-9914-10d1-25dd-669641fc1af4 | Enable detection of network devices | CMA_0220 - Enable detection of network devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 426c172c-9914-10d1-25dd-669641fc1af4 |
|
| Regulatory Compliance | f27a298f-9443-014a-0d40-fef12adf0259 | Review administrator assignments weekly | CMA_0461 - Review administrator assignments weekly | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f27a298f-9443-014a-0d40-fef12adf0259 |
|
| Regulatory Compliance | 60ee1260-97f0-61bb-8155-5d8b75743655 | Separate duties of individuals | CMA_0492 - Separate duties of individuals | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 60ee1260-97f0-61bb-8155-5d8b75743655 |
|
| Regulatory Compliance | 36b74844-4a99-4c80-1800-b18a516d1585 | Control use of portable storage devices | CMA_0083 - Control use of portable storage devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 36b74844-4a99-4c80-1800-b18a516d1585 |
|
| Regulatory Compliance | 04b3e7f6-4841-888d-4799-cda19a0084f6 | Document and implement wireless access guidelines | CMA_0190 - Document and implement wireless access guidelines | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 04b3e7f6-4841-888d-4799-cda19a0084f6 |
|
| Regulatory Compliance | 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 | Provide information spillage training | CMA_0413 - Provide information spillage training | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 |
|
| Regulatory Compliance | cc057769-01d9-95ad-a36f-1e62a7f9540b | Update POA&M items | CMA_C1157 - Update POA&M items | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 cc057769-01d9-95ad-a36f-1e62a7f9540b |
|
| Regulatory Compliance | 80a97208-264e-79da-0cc7-4fca179a0c9c | Protect against and prevent data theft from departing employees | CMA_0398 - Protect against and prevent data theft from departing employees | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 80a97208-264e-79da-0cc7-4fca179a0c9c |
|
| Regulatory Compliance | 6122970b-8d4a-7811-0278-4c6c68f61e4f | Restrict media use | CMA_0450 - Restrict media use | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6122970b-8d4a-7811-0278-4c6c68f61e4f |
|
| Regulatory Compliance | 516be556-1353-080d-2c2f-f46f000d5785 | Provide periodic security awareness training | CMA_C1091 - Provide periodic security awareness training | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 516be556-1353-080d-2c2f-f46f000d5785 |
|
| Regulatory Compliance | c246d146-82b0-301f-32e7-1065dcd248b7 | Review changes for any unauthorized changes | CMA_C1204 - Review changes for any unauthorized changes | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c246d146-82b0-301f-32e7-1065dcd248b7 |
|
| Regulatory Compliance | 5020f3f4-a579-2f28-72a8-283c5a0b15f9 | Restrict communications | CMA_0449 - Restrict communications | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5020f3f4-a579-2f28-72a8-283c5a0b15f9 |
|
| Regulatory Compliance | 0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 | Issue guidelines for ensuring data quality and integrity | CMA_C1824 - Issue guidelines for ensuring data quality and integrity | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 |
|
| Regulatory Compliance | 93fa357f-2e38-22a9-5138-8cc5124e1923 | Categorize information | CMA_0052 - Categorize information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 93fa357f-2e38-22a9-5138-8cc5124e1923 |
|
| Monitoring | 56a3e4f8-649b-4fac-887e-5564d11e8d3a | Configure Linux virtual machine scale sets to run Azure Monitor Agent with system-assigned managed identity-based authentication | Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-09-13 16:35:29 Major (2.1.0 > 3.0.0) |
| Regulatory Compliance | 79c75b38-334b-1a69-65e0-a9d929a42f75 | Document the legal basis for processing personal information | CMA_0206 - Document the legal basis for processing personal information | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 79c75b38-334b-1a69-65e0-a9d929a42f75 |
|
| Regulatory Compliance | 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 | Develop security assessment plan | CMA_C1144 - Develop security assessment plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 |
|
| Regulatory Compliance | 8747b573-8294-86a0-8914-49e9b06a5ace | Establish configuration management requirements for developers | CMA_0270 - Establish configuration management requirements for developers | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8747b573-8294-86a0-8914-49e9b06a5ace |
|
| Regulatory Compliance | 2af551d5-1775-326a-0589-590bfb7e9eb2 | Limit privileges to make changes in production environment | CMA_C1206 - Limit privileges to make changes in production environment | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 2af551d5-1775-326a-0589-590bfb7e9eb2 |
|
| Regulatory Compliance | eaaae23f-92c9-4460-51cf-913feaea4d52 | Employ a media sanitization mechanism | CMA_0208 - Employ a media sanitization mechanism | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 eaaae23f-92c9-4460-51cf-913feaea4d52 |
|
| Regulatory Compliance | 62fa14f0-4cbe-762d-5469-0899a99b98aa | Explicitly notify use of collaborative computing devices | CMA_C1649 - Explicitly notify use of collaborative computing devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 62fa14f0-4cbe-762d-5469-0899a99b98aa |
|
| Regulatory Compliance | d18af1ac-0086-4762-6dc8-87cdded90e39 | Perform a privacy impact assessment | CMA_0387 - Perform a privacy impact assessment | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d18af1ac-0086-4762-6dc8-87cdded90e39 |
|
| Regulatory Compliance | 5e4e9685-3818-5934-0071-2620c4fa2ca5 | Retain previous versions of baseline configs | CMA_C1181 - Retain previous versions of baseline configs | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5e4e9685-3818-5934-0071-2620c4fa2ca5 |
|
| Regulatory Compliance | 069101ac-4578-31da-0cd4-ff083edd3eb4 | Obtain consent prior to collection or processing of personal data | CMA_0385 - Obtain consent prior to collection or processing of personal data | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 069101ac-4578-31da-0cd4-ff083edd3eb4 |
|
| Regulatory Compliance | c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 | Generate error messages | CMA_C1724 - Generate error messages | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 |
|
| Regulatory Compliance | d42a8f69-a193-6cbc-48b9-04a9e29961f1 | Protect wireless access | CMA_0411 - Protect wireless access | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d42a8f69-a193-6cbc-48b9-04a9e29961f1 |
|
| Regulatory Compliance | 4781e5fd-76b8-7d34-6df3-a0a7fca47665 | Prevent identifier reuse for the defined time period | CMA_C1314 - Prevent identifier reuse for the defined time period | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 4781e5fd-76b8-7d34-6df3-a0a7fca47665 |
|
| Regulatory Compliance | 509552f5-6528-3540-7959-fbeae4832533 | Enforce rules of behavior and access agreements | CMA_0248 - Enforce rules of behavior and access agreements | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 509552f5-6528-3540-7959-fbeae4832533 |
|
| Regulatory Compliance | 13efd2d7-3980-a2a4-39d0-527180c009e8 | Document security assurance requirements in acquisition contracts | CMA_0199 - Document security assurance requirements in acquisition contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 13efd2d7-3980-a2a4-39d0-527180c009e8 |
|
| Regulatory Compliance | e89436d8-6a93-3b62-4444-1d2a42ad56b2 | Reevaluate access upon personnel transfer | CMA_0424 - Reevaluate access upon personnel transfer | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 e89436d8-6a93-3b62-4444-1d2a42ad56b2 |
|
| Regulatory Compliance | af227964-5b8b-22a2-9364-06d2cb9d6d7c | Develop information security policies and procedures | CMA_0158 - Develop information security policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 af227964-5b8b-22a2-9364-06d2cb9d6d7c |
|
| Regulatory Compliance | b8a9bb2f-7290-3259-85ce-dca7d521302d | Initiate transfer or reassignment actions | CMA_0333 - Initiate transfer or reassignment actions | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b8a9bb2f-7290-3259-85ce-dca7d521302d |
|
| Regulatory Compliance | 055da733-55c6-9e10-8194-c40731057ec4 | Develop and maintain a vulnerability management standard | CMA_0152 - Develop and maintain a vulnerability management standard | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 055da733-55c6-9e10-8194-c40731057ec4 |
|
| Regulatory Compliance | 623b5f0a-8cbd-03a6-4892-201d27302f0c | Define information system account types | CMA_0121 - Define information system account types | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 623b5f0a-8cbd-03a6-4892-201d27302f0c |
|
| Regulatory Compliance | f48b60c6-4b37-332f-7288-b6ea50d300eb | Review controlled folder access events | CMA_0471 - Review controlled folder access events | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 f48b60c6-4b37-332f-7288-b6ea50d300eb |
|
| Regulatory Compliance | 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 | Automate process to document implemented changes | CMA_C1195 - Automate process to document implemented changes | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 |
|
| Regulatory Compliance | 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 | Disseminate security alerts to personnel | CMA_C1705 - Disseminate security alerts to personnel | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 |
|
| Regulatory Compliance | 585af6e9-90c0-4575-67a7-2f9548972e32 | Review and reevaluate privileges | CMA_C1207 - Review and reevaluate privileges | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 585af6e9-90c0-4575-67a7-2f9548972e32 |
|
| Regulatory Compliance | d78f95ba-870a-a500-6104-8a5ce2534f19 | Document protection of security information in acquisition contracts | CMA_0195 - Document protection of security information in acquisition contracts | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 d78f95ba-870a-a500-6104-8a5ce2534f19 |
|
| Regulatory Compliance | 098a7b84-1031-66d8-4e78-bd15b5fd2efb | Provide privacy notice | CMA_0414 - Provide privacy notice | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 098a7b84-1031-66d8-4e78-bd15b5fd2efb |
|
| Regulatory Compliance | 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc | Perform a risk assessment | CMA_0388 - Perform a risk assessment | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc |
|
| Regulatory Compliance | 291f20d4-8d93-1d73-89f3-6ce28b825563 | Authorize, monitor, and control usage of mobile code technologies | CMA_C1653 - Authorize, monitor, and control usage of mobile code technologies | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 291f20d4-8d93-1d73-89f3-6ce28b825563 |
|
| Regulatory Compliance | a08b18c7-9e0a-89f1-3696-d80902196719 | Document access privileges | CMA_0186 - Document access privileges | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 a08b18c7-9e0a-89f1-3696-d80902196719 |
|
| Regulatory Compliance | 6c0a312f-04c5-5c97-36a5-e56763a02b6b | Review and sign revised rules of behavior | CMA_0465 - Review and sign revised rules of behavior | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 6c0a312f-04c5-5c97-36a5-e56763a02b6b |
|
| Regulatory Compliance | 10874318-0bf7-a41f-8463-03e395482080 | Correlate audit records | CMA_0087 - Correlate audit records | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 10874318-0bf7-a41f-8463-03e395482080 |
|
| Regulatory Compliance | b5a4be05-3997-1731-3260-98be653610f6 | Perform disposition review | CMA_0391 - Perform disposition review | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b5a4be05-3997-1731-3260-98be653610f6 |
|
| Regulatory Compliance | 4ac81669-00e2-9790-8648-71bc11bc91eb | Manage the transportation of assets | CMA_0370 - Manage the transportation of assets | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 4ac81669-00e2-9790-8648-71bc11bc91eb |
|
| Regulatory Compliance | a8f9c283-9a66-3eb3-9e10-bdba95b85884 | Run simulation attacks | CMA_0486 - Run simulation attacks | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 a8f9c283-9a66-3eb3-9e10-bdba95b85884 |
|
| Regulatory Compliance | 5b802722-71dd-a13d-2e7e-231e09589efb | Implement privileged access for executing vulnerability scanning activities | CMA_C1555 - Implement privileged access for executing vulnerability scanning activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5b802722-71dd-a13d-2e7e-231e09589efb |
|
| Regulatory Compliance | b6b32f80-a133-7600-301e-398d688e7e0c | Evaluate and review PII holdings regularly | CMA_C1832 - Evaluate and review PII holdings regularly | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 b6b32f80-a133-7600-301e-398d688e7e0c |
|
| Regulatory Compliance | 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 | Establish terms and conditions for processing resources | CMA_C1077 - Establish terms and conditions for processing resources | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 |
|
| Regulatory Compliance | 21633c09-804e-7fcd-78e3-635c6bfe2be7 | Provide capability to process customer-controlled audit records | CMA_C1126 - Provide capability to process customer-controlled audit records | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 21633c09-804e-7fcd-78e3-635c6bfe2be7 |
|
| Regulatory Compliance | 8e49107c-3338-40d1-02aa-d524178a2afe | Deliver security assessment results | CMA_C1147 - Deliver security assessment results | Default Manual Allowed Manual, Disabled |
add | 2022-09-13 16:35:29 8e49107c-3338-40d1-02aa-d524178a2afe |
|
| Regulatory Compliance | bd4dc286-2f30-5b95-777c-681f3a7913d3 | Establish and document change control processes | CMA_0265 - Establish and document change control processes | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 bd4dc286-2f30-5b95-777c-681f3a7913d3 |
|
| Regulatory Compliance | b8dad106-6444-5f55-307e-1e1cc9723e39 | Ensure cryptographic mechanisms are under configuration management | CMA_C1199 - Ensure cryptographic mechanisms are under configuration management | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 b8dad106-6444-5f55-307e-1e1cc9723e39 |
|
| Regulatory Compliance | 056a723b-4946-9d2a-5243-3aa27c4d31a1 | Satisfy token quality requirements | CMA_0487 - Satisfy token quality requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 056a723b-4946-9d2a-5243-3aa27c4d31a1 |
|
| Regulatory Compliance | b11697e8-9515-16f1-7a35-477d5c8a1344 | Protect data in transit using encryption | CMA_0403 - Protect data in transit using encryption | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 b11697e8-9515-16f1-7a35-477d5c8a1344 |
|
| Regulatory Compliance | a3e98638-51d4-4e28-910a-60e98c1a756f | Configure Azure Audit capabilities | CMA_C1108 - Configure Azure Audit capabilities | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 a3e98638-51d4-4e28-910a-60e98c1a756f |
|
| Regulatory Compliance | 1d39b5d9-0392-8954-8359-575ce1957d1a | Support personal verification credentials issued by legal authorities | CMA_0507 - Support personal verification credentials issued by legal authorities | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 1d39b5d9-0392-8954-8359-575ce1957d1a |
|
| Regulatory Compliance | 6625638f-3ba1-7404-5983-0ea33d719d34 | Review audit data | CMA_0466 - Review audit data | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 6625638f-3ba1-7404-5983-0ea33d719d34 |
|
| Regulatory Compliance | af38215f-70c4-0cd6-40c2-c52d86690a45 | Set automated notifications for new and trending cloud applications in your organization | CMA_0495 - Set automated notifications for new and trending cloud applications in your organization | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 af38215f-70c4-0cd6-40c2-c52d86690a45 |
|
| Regulatory Compliance | b53aa659-513e-032c-52e6-1ce0ba46582f | Configure actions for noncompliant devices | CMA_0062 - Configure actions for noncompliant devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 b53aa659-513e-032c-52e6-1ce0ba46582f |
|
| Regulatory Compliance | 3d492600-27ba-62cc-a1c3-66eb919f6a0d | Document remote access guidelines | CMA_0196 - Document remote access guidelines | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 3d492600-27ba-62cc-a1c3-66eb919f6a0d |
|
| Regulatory Compliance | c0559109-6a27-a217-6821-5a6d44f92897 | Maintain integrity of audit system | CMA_C1133 - Maintain integrity of audit system | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 c0559109-6a27-a217-6821-5a6d44f92897 |
|
| Regulatory Compliance | e714b481-8fac-64a2-14a9-6f079b2501a4 | Use privileged identity management | CMA_0533 - Use privileged identity management | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 e714b481-8fac-64a2-14a9-6f079b2501a4 |
|
| Regulatory Compliance | 7380631c-5bf5-0e3a-4509-0873becd8a63 | Establish a configuration control board | CMA_0254 - Establish a configuration control board | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 7380631c-5bf5-0e3a-4509-0873becd8a63 |
|
| Regulatory Compliance | 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 | Enable dual or joint authorization | CMA_0226 - Enable dual or joint authorization | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 |
|
| Regulatory Compliance | 48c816c5-2190-61fc-8806-25d6f3df162f | Monitor access across the organization | CMA_0376 - Monitor access across the organization | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 48c816c5-2190-61fc-8806-25d6f3df162f |
|
| Security Center | 951c1558-50a5-4ca3-abb6-a93e3e2367a6 | Configure Microsoft Defender for SQL to be enabled on Synapse workspaces | Enable Microsoft Defender for SQL on your Azure Synapse workspaces to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit SQL databases. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •SQL Security Manager |
add | 2022-09-02 16:33:37 951c1558-50a5-4ca3-abb6-a93e3e2367a6 |
| Regulatory Compliance | 55a7f9a0-6397-7589-05ef-5ed59a8149e7 | Control physical access | CMA_0081 - Control physical access | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 55a7f9a0-6397-7589-05ef-5ed59a8149e7 |
|
| Regulatory Compliance | 63f63e71-6c3f-9add-4c43-64de23e554a7 | Manage gateways | CMA_0363 - Manage gateways | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 63f63e71-6c3f-9add-4c43-64de23e554a7 |
|
| Regulatory Compliance | fad161f5-5261-401a-22dd-e037bae011bd | Review threat protection status weekly | CMA_0479 - Review threat protection status weekly | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 fad161f5-5261-401a-22dd-e037bae011bd |
|
| Regulatory Compliance | de770ba6-50dd-a316-2932-e0d972eaa734 | Require approval for account creation | CMA_0431 - Require approval for account creation | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 de770ba6-50dd-a316-2932-e0d972eaa734 |
|
| Guest Configuration | 2454bbee-dc19-442f-83fc-7f3114cafd91 | Windows machines should use the default NTP server | Setup the 'time.windows.com' as the default NTP Server for all Windows machines to ensure logs across all systems have system clocks that are all in sync. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-02 16:33:37 2454bbee-dc19-442f-83fc-7f3114cafd91 |
|
| Regulatory Compliance | e4b00788-7e1c-33ec-0418-d048508e095b | Implement training for protecting authenticators | CMA_0329 - Implement training for protecting authenticators | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 e4b00788-7e1c-33ec-0418-d048508e095b |
|
| Security Center | d31e5c31-63b2-4f12-887b-e49456834fa1 | Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces | Enable Defender for SQL to protect your Synapse workspaces. Defender for SQL monitors your Synapse SQL to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-02 16:33:37 d31e5c31-63b2-4f12-887b-e49456834fa1 |
|
| Regulatory Compliance | 2f67e567-03db-9d1f-67dc-b6ffb91312f4 | Determine auditable events | CMA_0137 - Determine auditable events | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 2f67e567-03db-9d1f-67dc-b6ffb91312f4 |
|
| Regulatory Compliance | 49c23d9b-02b0-0e42-4f94-e8cef1b8381b | Audit user account status | CMA_0020 - Audit user account status | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 49c23d9b-02b0-0e42-4f94-e8cef1b8381b |
|
| Regulatory Compliance | be38a620-000b-21cf-3cb3-ea151b704c3b | Remediate information system flaws | CMA_0427 - Remediate information system flaws | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 be38a620-000b-21cf-3cb3-ea151b704c3b |
|
| Guest Configuration | d96163de-dbe0-45ac-b803-0e9ca0f5764e | Windows machines should configure Windows Defender to update protection signatures within one day | To provide adequate protection against newly released malware, Windows Defender protection signatures need to be updated regularly to account for newly released malware. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-02 16:33:37 d96163de-dbe0-45ac-b803-0e9ca0f5764e |
|
| Regulatory Compliance | d661e9eb-4e15-5ba1-6f02-cdc467db0d6c | Define organizational requirements for cryptographic key management | CMA_0123 - Define organizational requirements for cryptographic key management | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 d661e9eb-4e15-5ba1-6f02-cdc467db0d6c |
|
| Regulatory Compliance | cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e | Implement controls to secure alternate work sites | CMA_0315 - Implement controls to secure alternate work sites | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e |
|
| Regulatory Compliance | 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 | Establish firewall and router configuration standards | CMA_0272 - Establish firewall and router configuration standards | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 |
|
| Regulatory Compliance | 34d38ea7-6754-1838-7031-d7fd07099821 | Manage system and admin accounts | CMA_0368 - Manage system and admin accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 34d38ea7-6754-1838-7031-d7fd07099821 |
|
| Regulatory Compliance | 3ad7f0bc-3d03-0585-4d24-529779bb02c2 | Maintain availability of information | CMA_C1644 - Maintain availability of information | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 3ad7f0bc-3d03-0585-4d24-529779bb02c2 |
|
| Guest Configuration | b3248a42-b1c1-41a4-87bc-8bad3d845589 | Windows machines should enable Windows Defender Real-time protection | Windows machines should enable the Real-time protection in the Windows Defender to provide adequate protection against newly released malware. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-02 16:33:37 b3248a42-b1c1-41a4-87bc-8bad3d845589 |
|
| Regulatory Compliance | 86ecd378-a3a0-5d5b-207c-05e6aaca43fc | Detect network services that have not been authorized or approved | CMA_C1700 - Detect network services that have not been authorized or approved | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 86ecd378-a3a0-5d5b-207c-05e6aaca43fc |
|
| Regulatory Compliance | 03b6427e-6072-4226-4bd9-a410ab65317e | Design an access control model | CMA_0129 - Design an access control model | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 03b6427e-6072-4226-4bd9-a410ab65317e |
|
| Regulatory Compliance | 7805a343-275c-41be-9d62-7215b96212d8 | Reassign or remove user privileges as needed | CMA_C1040 - Reassign or remove user privileges as needed | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 7805a343-275c-41be-9d62-7215b96212d8 |
|
| Regulatory Compliance | 10c4210b-3ec9-9603-050d-77e4d26c7ebb | Enforce logical access | CMA_0245 - Enforce logical access | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 10c4210b-3ec9-9603-050d-77e4d26c7ebb |
|
| Regulatory Compliance | e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 | Manage the input, output, processing, and storage of data | CMA_0369 - Manage the input, output, processing, and storage of data | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 |
|
| Regulatory Compliance | c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 | Define cryptographic use | CMA_0120 - Define cryptographic use | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 |
|
| Regulatory Compliance | 5fc24b95-53f7-0ed1-2330-701b539b97fe | Turn on sensors for endpoint security solution | CMA_0514 - Turn on sensors for endpoint security solution | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 5fc24b95-53f7-0ed1-2330-701b539b97fe |
|
| Regulatory Compliance | 7c7032fe-9ce6-9092-5890-87a1a3755db1 | Retain terminated user data | CMA_0455 - Retain terminated user data | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 7c7032fe-9ce6-9092-5890-87a1a3755db1 |
|
| Regulatory Compliance | 3d399cf3-8fc6-0efc-6ab0-1412f1198517 | Block untrusted and unsigned processes that run from USB | CMA_0050 - Block untrusted and unsigned processes that run from USB | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 3d399cf3-8fc6-0efc-6ab0-1412f1198517 |
|
| Regulatory Compliance | efef28d0-3226-966a-a1e8-70e89c1b30bc | Retain security policies and procedures | CMA_0454 - Retain security policies and procedures | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 efef28d0-3226-966a-a1e8-70e89c1b30bc |
|
| Regulatory Compliance | ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 | Update antivirus definitions | CMA_0517 - Update antivirus definitions | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 |
|
| Regulatory Compliance | ece8bb17-4080-5127-915f-dc7267ee8549 | Verify security functions | CMA_C1708 - Verify security functions | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 ece8bb17-4080-5127-915f-dc7267ee8549 |
|
| Regulatory Compliance | 873895e8-0e3a-6492-42e9-22cd030e9fcd | Restrict access to privileged accounts | CMA_0446 - Restrict access to privileged accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 873895e8-0e3a-6492-42e9-22cd030e9fcd |
|
| Regulatory Compliance | 2cc9c165-46bd-9762-5739-d2aae5ba90a1 | Automate account management | CMA_0026 - Automate account management | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 2cc9c165-46bd-9762-5739-d2aae5ba90a1 |
|
| Regulatory Compliance | 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 | Control information flow | CMA_0079 - Control information flow | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 |
|
| Regulatory Compliance | 4a6f5cbd-6c6b-006f-2bb1-091af1441bce | Review malware detections report weekly | CMA_0475 - Review malware detections report weekly | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 4a6f5cbd-6c6b-006f-2bb1-091af1441bce |
|
| Regulatory Compliance | 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 | Employ flow control mechanisms of encrypted information | CMA_0211 - Employ flow control mechanisms of encrypted information | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 |
|
| Regulatory Compliance | 6f1de470-79f3-1572-866e-db0771352fc8 | Authenticate to cryptographic module | CMA_0021 - Authenticate to cryptographic module | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 6f1de470-79f3-1572-866e-db0771352fc8 |
|
| Regulatory Compliance | 97d91b33-7050-237b-3e23-a77d57d84e13 | Issue public key certificates | CMA_0347 - Issue public key certificates | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 97d91b33-7050-237b-3e23-a77d57d84e13 |
|
| Security Center | f85bf3e0-d513-442e-89c3-1784ad63382b | [Preview]: System updates should be installed on your machines (powered by Update Center) | Your machines are missing system, security, and critical updates. Software updates often include critical patches to security holes. Such holes are frequently exploited in malware attacks so it's vital to keep your software updated. To install all outstanding patches and secure your machines, follow the remediation steps. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-02 16:33:37 f85bf3e0-d513-442e-89c3-1784ad63382b |
|
| Storage | f81e3117-0093-4b17-8a60-82363134f0eb | Configure secure transfer of data on a storage account | Secure transfer is an option that forces storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Default Modify Allowed Modify, Disabled |
count: 001 •Storage Account Contributor |
add | 2022-09-02 16:33:37 f81e3117-0093-4b17-8a60-82363134f0eb |
| Regulatory Compliance | 3c9aa856-6b86-35dc-83f4-bc72cec74dea | Establish a data leakage management procedure | CMA_0255 - Establish a data leakage management procedure | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 3c9aa856-6b86-35dc-83f4-bc72cec74dea |
|
| Regulatory Compliance | dad8a2e9-6f27-4fc2-8933-7e99fe700c9c | Authorize remote access | CMA_0024 - Authorize remote access | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 dad8a2e9-6f27-4fc2-8933-7e99fe700c9c |
|
| Regulatory Compliance | 2f20840e-7925-221c-725d-757442753e7c | Develop and maintain baseline configurations | CMA_0153 - Develop and maintain baseline configurations | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 2f20840e-7925-221c-725d-757442753e7c |
|
| Regulatory Compliance | 8d140e8b-76c7-77de-1d46-ed1b2e112444 | Restrict access to private keys | CMA_0445 - Restrict access to private keys | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 8d140e8b-76c7-77de-1d46-ed1b2e112444 |
|
| Regulatory Compliance | 333b4ada-4a02-0648-3d4d-d812974f1bb2 | Govern and monitor audit processing activities | CMA_0289 - Govern and monitor audit processing activities | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 333b4ada-4a02-0648-3d4d-d812974f1bb2 |
|
| Regulatory Compliance | 4502e506-5f35-0df4-684f-b326e3cc7093 | Terminate user session automatically | CMA_C1054 - Terminate user session automatically | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 4502e506-5f35-0df4-684f-b326e3cc7093 |
|
| Regulatory Compliance | 058e9719-1ff9-3653-4230-23f76b6492e0 | Enforce security configuration settings | CMA_0249 - Enforce security configuration settings | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 058e9719-1ff9-3653-4230-23f76b6492e0 |
|
| Regulatory Compliance | c7fddb0e-3f44-8635-2b35-dc6b8e740b7c | Identify and manage downstream information exchanges | CMA_0298 - Identify and manage downstream information exchanges | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 c7fddb0e-3f44-8635-2b35-dc6b8e740b7c |
|
| Regulatory Compliance | 0e696f5a-451f-5c15-5532-044136538491 | Protect audit information | CMA_0401 - Protect audit information | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 0e696f5a-451f-5c15-5532-044136538491 |
|
| Regulatory Compliance | 7a0ecd94-3699-5273-76a5-edb8499f655a | Determine assertion requirements | CMA_0136 - Determine assertion requirements | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 7a0ecd94-3699-5273-76a5-edb8499f655a |
|
| Regulatory Compliance | a315c657-4a00-8eba-15ac-44692ad24423 | Protect special information | CMA_0409 - Protect special information | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 a315c657-4a00-8eba-15ac-44692ad24423 |
|
| Regulatory Compliance | 32f22cfa-770b-057c-965b-450898425519 | Revoke privileged roles as appropriate | CMA_0483 - Revoke privileged roles as appropriate | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 32f22cfa-770b-057c-965b-450898425519 |
|
| Regulatory Compliance | eb1c944e-0e94-647b-9b7e-fdb8d2af0838 | Review user groups and applications with access to sensitive data | CMA_0481 - Review user groups and applications with access to sensitive data | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 eb1c944e-0e94-647b-9b7e-fdb8d2af0838 |
|
| Regulatory Compliance | 518eafdd-08e5-37a9-795b-15a8d798056d | Provide privacy training | CMA_0415 - Provide privacy training | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 518eafdd-08e5-37a9-795b-15a8d798056d |
|
| Regulatory Compliance | 83dfb2b8-678b-20a0-4c44-5c75ada023e6 | Document mobility training | CMA_0191 - Document mobility training | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 83dfb2b8-678b-20a0-4c44-5c75ada023e6 |
|
| Regulatory Compliance | aeed863a-0f56-429f-945d-8bb66bd06841 | Authorize access to security functions and information | CMA_0022 - Authorize access to security functions and information | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 aeed863a-0f56-429f-945d-8bb66bd06841 |
|
| Regulatory Compliance | e3905a3c-97e7-0b4f-15fb-465c0927536f | Correlate Vulnerability scan information | CMA_C1558 - Correlate Vulnerability scan information | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 e3905a3c-97e7-0b4f-15fb-465c0927536f |
|
| Regulatory Compliance | 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 | Define a physical key management process | CMA_0115 - Define a physical key management process | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 |
|
| Regulatory Compliance | e336d5f4-4d8f-0059-759c-ae10f63d1747 | Enforce user uniqueness | CMA_0250 - Enforce user uniqueness | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 e336d5f4-4d8f-0059-759c-ae10f63d1747 |
|
| Regulatory Compliance | b1666a13-8f67-9c47-155e-69e027ff6823 | Enforce mandatory and discretionary access control policies | CMA_0246 - Enforce mandatory and discretionary access control policies | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 b1666a13-8f67-9c47-155e-69e027ff6823 |
|
| Regulatory Compliance | 79f081c7-1634-01a1-708e-376197999289 | Review user accounts | CMA_0480 - Review user accounts | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 79f081c7-1634-01a1-708e-376197999289 |
|
| Storage | 13502221-8df0-4414-9937-de9c5c4e396b | Configure your Storage account public access to be disallowed | Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it. | Default Modify Allowed Modify, Disabled |
count: 001 •Storage Account Contributor |
add | 2022-09-02 16:33:37 13502221-8df0-4414-9937-de9c5c4e396b |
| Regulatory Compliance | e435f7e3-0dd9-58c9-451f-9b44b96c0232 | Implement controls to secure all media | CMA_0314 - Implement controls to secure all media | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 e435f7e3-0dd9-58c9-451f-9b44b96c0232 |
|
| Regulatory Compliance | 2b4e134f-1e4c-2bff-573e-082d85479b6e | Develop an incident response plan | CMA_0145 - Develop an incident response plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 2b4e134f-1e4c-2bff-573e-082d85479b6e |
|
| Guest Configuration | 3810e389-1d92-4f77-9267-33bdcf0bd225 | Windows machines should schedule Windows Defender to perform a scheduled scan every day | Windows machines should schedule Windows Defender to perform a scheduled scan every day to ensure that malware is quickly identified to minimize the effect this may have to the environment. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For more information on Guest Configuration, visit https://aka.ms/gcpol. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-09-02 16:33:37 3810e389-1d92-4f77-9267-33bdcf0bd225 |
|
| Regulatory Compliance | 50e9324a-7410-0539-0662-2c1e775538b7 | Authorize and manage access | CMA_0023 - Authorize and manage access | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 50e9324a-7410-0539-0662-2c1e775538b7 |
|
| Regulatory Compliance | ed87d27a-9abf-7c71-714c-61d881889da4 | Monitor privileged role assignment | CMA_0378 - Monitor privileged role assignment | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 ed87d27a-9abf-7c71-714c-61d881889da4 |
|
| Regulatory Compliance | f96d2186-79df-262d-3f76-f371e3b71798 | Review user privileges | CMA_C1039 - Review user privileges | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 f96d2186-79df-262d-3f76-f371e3b71798 |
|
| Regulatory Compliance | b2d3e5a2-97ab-5497-565a-71172a729d93 | Protect passwords with encryption | CMA_0408 - Protect passwords with encryption | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 b2d3e5a2-97ab-5497-565a-71172a729d93 |
|
| Regulatory Compliance | 26daf649-22d1-97e9-2a8a-01b182194d59 | Configure workstations to check for digital certificates | CMA_0073 - Configure workstations to check for digital certificates | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 26daf649-22d1-97e9-2a8a-01b182194d59 |
|
| Regulatory Compliance | db28735f-518f-870e-15b4-49623cbe3aa0 | Verify software, firmware and information integrity | CMA_0542 - Verify software, firmware and information integrity | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 db28735f-518f-870e-15b4-49623cbe3aa0 |
|
| Regulatory Compliance | f476f3b0-4152-526e-a209-44e5f8c968d7 | Establish network segmentation for card holder data environment | CMA_0273 - Establish network segmentation for card holder data environment | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 f476f3b0-4152-526e-a209-44e5f8c968d7 |
|
| Regulatory Compliance | 1bc7fd64-291f-028e-4ed6-6e07886e163f | Employ least privilege access | CMA_0212 - Employ least privilege access | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 1bc7fd64-291f-028e-4ed6-6e07886e163f |
|
| Regulatory Compliance | 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 | Manage symmetric cryptographic keys | CMA_0367 - Manage symmetric cryptographic keys | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 |
|
| Regulatory Compliance | 2c6bee3a-2180-2430-440d-db3c7a849870 | Document security operations | CMA_0202 - Document security operations | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 2c6bee3a-2180-2430-440d-db3c7a849870 |
|
| Regulatory Compliance | 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 | Notify when account is not needed | CMA_0383 - Notify when account is not needed | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 |
|
| Regulatory Compliance | 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f | Perform vulnerability scans | CMA_0393 - Perform vulnerability scans | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f |
|
| Regulatory Compliance | a830fe9e-08c9-a4fb-420c-6f6bf1702395 | Review account provisioning logs | CMA_0460 - Review account provisioning logs | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 a830fe9e-08c9-a4fb-420c-6f6bf1702395 |
|
| Regulatory Compliance | e23444b9-9662-40f3-289e-6d25c02b48fa | Review label activity and analytics | CMA_0474 - Review label activity and analytics | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 e23444b9-9662-40f3-289e-6d25c02b48fa |
|
| Regulatory Compliance | 33832848-42ab-63f3-1a55-c0ad309d44cd | Implement an automated configuration management tool | CMA_0311 - Implement an automated configuration management tool | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 33832848-42ab-63f3-1a55-c0ad309d44cd |
|
| Regulatory Compliance | 50e81644-923d-33fc-6ebb-9733bc8d1a06 | Perform a trend analysis on threats | CMA_0389 - Perform a trend analysis on threats | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 50e81644-923d-33fc-6ebb-9733bc8d1a06 |
|
| Regulatory Compliance | ae5345d5-8dab-086a-7290-db43a3272198 | Identify and authenticate network devices | CMA_0296 - Identify and authenticate network devices | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 ae5345d5-8dab-086a-7290-db43a3272198 |
|
| Regulatory Compliance | d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 | Disable authenticators upon termination | CMA_0169 - Disable authenticators upon termination | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 |
|
| Regulatory Compliance | 526ed90e-890f-69e7-0386-ba5c0f1f784f | Establish and document a configuration management plan | CMA_0264 - Establish and document a configuration management plan | Default Manual Allowed Manual, Disabled |
add | 2022-09-02 16:33:37 526ed90e-890f-69e7-0386-ba5c0f1f784f |
|
| Storage | 59759c62-9a22-4cdf-ae64-074495983fef | Configure diagnostic settings for Storage Accounts to Log Analytics workspace | Deploys the diagnostic settings for Storage accounts to stream resource logs to a Log Analytics workspace when any storage accounts which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
add | 2022-08-26 16:33:38 59759c62-9a22-4cdf-ae64-074495983fef |
| Monitoring | 2fea0c12-e7d4-4e03-b7bf-c34b2b8d787d | [Preview]: Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings | Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-08-26 16:33:38 Minor, new suffix: preview (1.0.0 > 1.1.1-preview) |
| Regulatory Compliance | 9622aaa9-5c49-40e2-5bf8-660b7cd23deb | Alert personnel of information spillage | CMA_0007 - Alert personnel of information spillage | Default Manual Allowed Manual, Disabled |
add | 2022-08-26 16:33:38 9622aaa9-5c49-40e2-5bf8-660b7cd23deb |
|
| Monitoring | c7f3bf36-b807-4f18-82dc-f480ad713635 | [Preview]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for all the VMSS in the Resource Group | Deploy a Data Collection Rule for VMInsights and deploy Data Collection Rule Association for all the VMSSs in the Resource Group. The policy asks if enabling of Processes and Dependencies is required and accordingly creates the DCR. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-08-26 16:33:38 Patch, new suffix: preview (1.1.0 > 1.1.1-preview) |
| Batch | c520cefc-285f-40f3-86e2-2efc38ef1f64 | Configure Batch accounts to disable public network access | Disabling public network access on a Batch account improves security by ensuring your Batch account can only be accessed from a private endpoint. Learn more about disabling public network access at https://docs.microsoft.com/azure/batch/private-connectivity. | Default Modify Allowed Modify, Disabled |
count: 001 •Contributor |
add | 2022-08-26 16:33:38 c520cefc-285f-40f3-86e2-2efc38ef1f64 |
| App Service | 0f98368e-36bc-4716-8ac2-8f8067203b63 | Configure App Service apps to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-08-26 16:33:38 0f98368e-36bc-4716-8ac2-8f8067203b63 |
| Key Vault | 951af2fa-529b-416e-ab6e-066fd85ac459 | Deploy - Configure diagnostic settings for Azure Key Vault to Log Analytics workspace | Deploys the diagnostic settings for Azure Key Vault to stream resource logs to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-08-26 16:33:38 Major (1.0.1 > 2.0.1) |
| Regulatory Compliance | 7d7a8356-5c34-9a95-3118-1424cfaf192a | Adopt biometric authentication mechanisms | CMA_0005 - Adopt biometric authentication mechanisms | Default Manual Allowed Manual, Disabled |
add | 2022-08-26 16:33:38 7d7a8356-5c34-9a95-3118-1424cfaf192a |
|
| App Service | a4af4a39-4135-47fb-b175-47fbdf85311d | App Service apps should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
change | 2022-08-26 16:33:38 Major (2.0.0 > 3.0.0) |
|
| Storage | 25a70cc8-2bd4-47f1-90b6-1478e4662c96 | Configure diagnostic settings for File Services to Log Analytics workspace | Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
add | 2022-08-26 16:33:38 25a70cc8-2bd4-47f1-90b6-1478e4662c96 |
| Guest Configuration | f40c7c00-b4e3-4068-a315-5fe81347a904 | [Preview]: Add user-assigned managed identity to enable Guest Configuration assignments on virtual machines | This policy adds a user-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration. A user-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | Default DeployIfNotExists Allowed AuditIfNotExists, DeployIfNotExists, Disabled |
count: 002 •Contributor •User Access Administrator |
change | 2022-08-26 16:33:38 Major, suffix remains equal (1.0.0-preview > 2.0.0-preview) |
| Key Vault | 1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d | Key vaults should have soft delete enabled | Deleting a key vault without soft delete enabled permanently deletes all secrets, keys, and certificates stored in the key vault. Accidental deletion of a key vault can lead to permanent data loss. Soft delete allows you to recover an accidentally deleted key vault for a configurable retention period. | Default Audit Allowed Audit, Deny, Disabled |
change | 2022-08-26 16:33:38 Major (2.0.0 > 3.0.0) |
|
| Security Center | 7926a6d1-b268-4586-8197-e8ae90c877d7 | Microsoft Defender for APIs should be enabled | Microsoft Defender for APIs brings new discovery, protection, detection, & response coverage to monitor for common API based attacks & security misconfigurations. | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
add | 2022-08-26 16:33:38 7926a6d1-b268-4586-8197-e8ae90c877d7 |
|
| Regulatory Compliance | 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 | Adhere to retention periods defined | CMA_0004 - Adhere to retention periods defined | Default Manual Allowed Manual, Disabled |
add | 2022-08-26 16:33:38 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 |
|
| Storage | b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb | Configure diagnostic settings for Blob Services to Log Analytics workspace | Deploys the diagnostic settings for Blob Services to stream resource logs to a Log Analytics workspace when any blob Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
add | 2022-08-26 16:33:38 b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb |
| Regulatory Compliance | f26af0b1-65b6-689a-a03f-352ad2d00f98 | Audit privileged functions | CMA_0019 - Audit privileged functions | Default Manual Allowed Manual, Disabled |
add | 2022-08-26 16:33:38 f26af0b1-65b6-689a-a03f-352ad2d00f98 |
|
| Monitoring | d55b81e1-984f-4a96-acab-fae204e3ca7f | [Preview]: Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings | Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-08-26 16:33:38 Minor, new suffix: preview (1.0.0 > 1.1.1-preview) |
| Storage | 2fb86bf3-d221-43d1-96d1-2434af34eaa0 | Configure diagnostic settings for Table Services to Log Analytics workspace | Deploys the diagnostic settings for Table Services to stream resource logs to a Log Analytics workspace when any table Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
add | 2022-08-26 16:33:38 2fb86bf3-d221-43d1-96d1-2434af34eaa0 |
| App Service | ae1b9a8c-dfce-4605-bd91-69213b4a26fc | App Service app slots should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Audit Allowed Audit, Disabled, Deny |
add | 2022-08-26 16:33:38 ae1b9a8c-dfce-4605-bd91-69213b4a26fc |
|
| Monitoring | bef3f64c-5290-43b7-85b0-9b254eef4c47 | Deploy Diagnostic Settings for Key Vault to Log Analytics workspace | Deploys the diagnostic settings for Key Vault to stream to a regional Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-08-26 16:33:38 Major (2.0.0 > 3.0.0) |
| Monitoring | 84cfed75-dfd4-421b-93df-725b479d356a | [Preview]: Configure Dependency agent on Azure Arc enabled Windows servers with Azure Monitoring Agent settings | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and discovered data about processes running on the machine and external process dependencies. See more - https://aka.ms/vminsightsdocs. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-08-26 16:33:38 Minor, new suffix: preview (1.0.0 > 1.1.1-preview) |
| App Service | a18c77f2-3d6d-497a-9f61-849a7e8a3b79 | Configure App Service app slots to only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Default Modify Allowed Modify, Disabled |
count: 001 •Website Contributor |
add | 2022-08-26 16:33:38 a18c77f2-3d6d-497a-9f61-849a7e8a3b79 |
| Monitoring | 7c4214e9-ea57-487a-b38e-310ec09bc21d | [Preview]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for Arc Machines in the Resource Group | Deploy a Data Collection Rule for VMInsights and deploy Data Collection Rule Association for all the Arc Machines in the Resource Group. The policy asks if enabling of Processes and Dependencies is required and accordingly creates the DCR. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-08-26 16:33:38 Patch, new suffix: preview (1.1.0 > 1.1.1-preview) |
| Storage | 7bd000e3-37c7-4928-9f31-86c4b77c5c45 | Configure diagnostic settings for Queue Services to Log Analytics workspace | Deploys the diagnostic settings for Queue Services to stream resource logs to a Log Analytics workspace when any queue Service which is missing this diagnostic settings is created or updated. | Default DeployIfNotExists Allowed DeployIfNotExists, AuditIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
add | 2022-08-26 16:33:38 7bd000e3-37c7-4928-9f31-86c4b77c5c45 |
| Monitoring | af0082fd-fa58-4349-b916-b0e47abb0935 | [Preview]: Deploy Dependency agent to be enabled on Windows virtual machine scale sets with Azure Monitoring Agent settings | Deploy Dependency agent for Windows virtual machine scale sets with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is not installed. If your scale set upgradePolicy is set to Manual, you need to apply the extension to all the virtual machines in the set by updating them. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Virtual Machine Contributor |
change | 2022-08-26 16:33:38 Minor, new suffix: preview (1.0.0 > 1.1.1-preview) |
| Monitoring | a0f27bdc-5b15-4810-b81d-7c4df9df1a37 | [Preview]: Deploy a VMInsights Data Collection Rule and Data Collection Rule Association for all the VMs in the Resource Group | Deploy a Data Collection Rule for VMInsights and deploy Data Collection Rule Association for all the VMs in the Resource Group. The policy asks if enabling of Processes and Dependencies is required and accordingly creates the DCR. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-08-26 16:33:38 Patch, new suffix: preview (1.1.0 > 1.1.1-preview) |
| Monitoring | 08a4470f-b26d-428d-97f4-7e3e9c92b366 | [Preview]: Configure Dependency agent on Azure Arc enabled Linux servers with Azure Monitoring Agent settings | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and discovered data about processes running on the machine and external process dependencies. See more - https://aka.ms/vminsightsdocs. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-08-26 16:33:38 Minor, new suffix: preview (1.0.0 > 1.1.1-preview) |
| Security Center | e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 | Configure Microsoft Defender for APIs should be enabled | Microsoft Defender for APIs brings new discovery, protection, detection, & response coverage to monitor for common API based attacks & security misconfigurations. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Security Admin |
add | 2022-08-26 16:33:38 e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 |
| Monitoring | 89ca9cc7-25cd-4d53-97ba-445ca7a1f222 | [Preview]: Deploy Dependency agent to be enabled on Windows virtual machines with Azure Monitoring Agent settings | Deploy Dependency agent for Windows virtual machines with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is not installed. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Log Analytics Contributor |
change | 2022-08-26 16:33:38 Minor, new suffix: preview (1.0.0 > 1.1.1-preview) |
| Storage | 6f8f98a4-f108-47cb-8e98-91a0d85cd474 | [Deprecated]: Configure diagnostic settings for storage accounts to Log Analytics workspace | Deprecated: This policy did not evaluate correctly and has been separated into policies for each of the nested resources. Please see new policies for storage accounts (id: /providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef), blob services (b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb), file (25a70cc8-2bd4-47f1-90b6-1478e4662c96), queue (7bd000e3-37c7-4928-9f31-86c4b77c5c45), and table (2fb86bf3-d221-43d1-96d1-2434af34eaa0). | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 002 •Log Analytics Contributor •Monitoring Contributor |
change | 2022-08-26 16:33:38 Version remains equal, new suffix: deprecated (1.3.0 > 1.3.0-deprecated) |
| Machine Learning | 679ddf89-ab8f-48a5-9029-e76054077449 | Azure Machine Learning Compute Instance should have idle shutdown. | Having an idle shutdown schedule reduces cost by shutting down computes that are idle after a pre-determined period of activity. | Default Audit Allowed Audit, Deny, Disabled |
add | 2022-08-26 16:33:38 679ddf89-ab8f-48a5-9029-e76054077449 |
|
| Kubernetes | b6c7fd52-4723-5f4d-a157-3d39bd16a1d7 | Configure Kubernetes clusters with Flux v2 configuration using Git repository and local secrets | Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Git repository. This definition requires local authentication secrets stored in the Kubernetes cluster. For instructions, visit https://aka.ms/GitOpsFlux2Policy. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
add | 2022-08-19 16:33:23 b6c7fd52-4723-5f4d-a157-3d39bd16a1d7 |
| Kubernetes | 2630c91f-8a20-8f43-14a2-2485b648e2a9 | Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS CA Certificate | Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Git repository. This definition requires a HTTPS CA Certificate. For instructions, visit https://aka.ms/GitOpsFlux2Policy. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
add | 2022-08-19 16:33:23 2630c91f-8a20-8f43-14a2-2485b648e2a9 |
| Kubernetes | f9175d5f-abc8-1dc3-bd3c-5d7476ada3d1 | Configure installation of Flux extension on Kubernetes cluster | Install Flux extension on Kubernetes cluster to enable deployment of 'fluxconfigurations' in the cluster | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
add | 2022-08-19 16:33:23 f9175d5f-abc8-1dc3-bd3c-5d7476ada3d1 |
| Kubernetes | 5174c1db-ca42-e0d4-b320-4f1cf6a1fa93 | Configure Kubernetes clusters with Flux v2 configuration using Bucket source and secrets in KeyVault | Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Bucket. This definition requires a Bucket SecretKey stored in Key Vault. For instructions, visit https://aka.ms/GitOpsFlux2Policy. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
add | 2022-08-19 16:33:23 5174c1db-ca42-e0d4-b320-4f1cf6a1fa93 |
| Kubernetes | 9e980dca-f3e1-8da3-6717-ad37b1ca6b27 | Configure Kubernetes clusters with Flux v2 configuration using Git repository and SSH secrets | Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Git repository. This definition requires a SSH private key secret stored in Key Vault. For instructions, visit https://aka.ms/GitOpsFlux2Policy. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
add | 2022-08-19 16:33:23 9e980dca-f3e1-8da3-6717-ad37b1ca6b27 |
| Kubernetes | b8c1d6c1-6137-97c6-9c34-d4627e54ca26 | Configure Kubernetes clusters with specified Flux v2 Bucket source using local secrets | Deploy a 'fluxConfiguration' to Kubernetes clusters to assure that the clusters get their source of truth for workloads and configurations from the defined Bucket. This definition requires local authentication secrets stored in the Kubernetes cluster. For instructions, visit https://aka.ms/GitOpsFlux2Policy. | Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
count: 001 •Contributor |
add | 2022-08-19 16:33:23 b8c1d6c1-6137-97c6-9c34-d4627e54ca26 |
| Automanage | b025cfb4-3702-47c2-9110-87fe0cfcc99b | Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile | Azure Automanage enrolls, configures, and monitors virtual machines with best practice as defined in the Microsoft Cloud Adoption Framework for Azure. Use this policy to apply Automanage with your own customized Configuration Profile to your selected scope. | Default DeployIfNotExists Allowed AuditIfNotExists, DeployIfNotExists, Disabled |
count: 001 • |