last sync: 2022-Dec-02 17:43:04 UTC

Azure Policy Initiative

SWIFT CSP-CSCF v2022

NameSWIFT CSP-CSCF v2022
Azure Portal
Id7bc7cd6c-4114-ff31-3cac-59be3157596d
Version2.0.0
details on versioning
CategoryRegulatory Compliance
Microsoft docs
DescriptionSWIFT's Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF). These policies address a subset of SWIFT controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/swift-cscf-v2021
TypeBuiltIn
DeprecatedFalse
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2022-09-27 16:35:21 add Policy Enforce mandatory and discretionary access control policies (b1666a13-8f67-9c47-155e-69e027ff6823)
add Policy Integrate audit review, analysis, and reporting (f741c4e6-41eb-15a4-25a2-61ac7ca232f0)
add Policy Revoke privileged roles as appropriate (32f22cfa-770b-057c-965b-450898425519)
add Policy Implement controls to secure all media (e435f7e3-0dd9-58c9-451f-9b44b96c0232)
add Policy Observe and report security weaknesses (ff136354-1c92-76dc-2dab-80fb7c6a9f1a)
add Policy Review account provisioning logs (a830fe9e-08c9-a4fb-420c-6f6bf1702395)
add Policy Identify and mitigate potential issues at alternate storage site (13939f8c-4cd5-a6db-9af4-9dfec35e3722)
add Policy Establish a secure software development program (e750ca06-1824-464a-2cf3-d0fa754d1cb4)
add Policy Protect data in transit using encryption (b11697e8-9515-16f1-7a35-477d5c8a1344)
add Policy Review and update risk assessment policies and procedures (20012034-96f0-85c2-4a86-1ae1eb457802)
add Policy Manage system and admin accounts (34d38ea7-6754-1838-7031-d7fd07099821)
add Policy Determine assertion requirements (7a0ecd94-3699-5273-76a5-edb8499f655a)
add Policy Implement controls to secure alternate work sites (cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e)
add Policy Require approval for account creation (de770ba6-50dd-a316-2932-e0d972eaa734)
add Policy Clear personnel with access to classified information (c42f19c9-5d88-92da-0742-371a0ea03126)
add Policy Conduct capacity planning (33602e78-35e3-4f06-17fb-13dd887448e4)
add Policy Recover and reconstitute resources after any disruption (f33c3238-11d2-508c-877c-4262ec1132e1)
add Policy Develop and establish a system security plan (b2ea1058-8998-3dd1-84f1-82132ad482fd)
add Policy Assess information security events (37b0045b-3887-367b-8b4d-b9a6fa911bb9)
add Policy Perform audit for configuration change control (1282809c-9001-176b-4a81-260a085f4872)
add Policy Protect incident response plan (2401b496-7f23-79b2-9f80-89bb5abf3d4a)
add Policy Document and implement wireless access guidelines (04b3e7f6-4841-888d-4799-cda19a0084f6)
add Policy Establish relationship between incident response capability and external providers (b470a37a-7a47-3792-34dd-7a793140702e)
add Policy Restrict access to private keys (8d140e8b-76c7-77de-1d46-ed1b2e112444)
add Policy Establish a password policy (d8bbd80e-3bb1-5983-06c2-428526ec6a63)
add Policy Develop and document application security requirements (6de65dc4-8b4f-34b7-9290-eb137a2e2929)
add Policy Provide monitoring information as needed (7fc1f0da-0050-19bb-3d75-81ae15940df6)
add Policy Ensure access agreements are signed or resigned timely (e7589f4e-1e8b-72c2-3692-1e14d7f3699f)
add Policy Conduct incident response testing (3545c827-26ee-282d-4629-23952a12008b)
add Policy Provide role-based security training (4c385143-09fd-3a34-790c-a5fd9ec77ddc)
add Policy Employ least privilege access (1bc7fd64-291f-028e-4ed6-6e07886e163f)
add Policy Define information system account types (623b5f0a-8cbd-03a6-4892-201d27302f0c)
add Policy Develop and document a business continuity and disaster recovery plan (bd6cbcba-4a2d-507c-53e3-296b5c238a8e)
add Policy Automate process to highlight unreviewed change proposals (92b49e92-570f-1765-804a-378e6c592e28)
add Policy Assess risk in third party relationships (0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08)
add Policy Disable authenticators upon termination (d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10)
add Policy Provide information spillage training (2d4d0e90-32d9-4deb-2166-a00d51ed57c0)
add Policy Document separation of duties (e6f7b584-877a-0d69-77d4-ab8b923a9650)
add Policy Employ independent team for penetration testing (611ebc63-8600-50b6-a0e3-fef272457132)
add Policy Define requirements for supplying goods and services (2b2f3a72-9e68-3993-2b69-13dcdecf8958)
add Policy Implement security engineering principles of information systems (df2e9507-169b-4114-3a52-877561ee3198)
add Policy Require developers to document approved changes and potential impact (3a868d0c-538f-968b-0191-bddb44da5b75)
add Policy Document acquisition contract acceptance criteria (0803eaa7-671c-08a7-52fd-ac419f775e75)
add Policy Perform a trend analysis on threats (50e81644-923d-33fc-6ebb-9733bc8d1a06)
add Policy Protect special information (a315c657-4a00-8eba-15ac-44692ad24423)
add Policy Block untrusted and unsigned processes that run from USB (3d399cf3-8fc6-0efc-6ab0-1412f1198517)
add Policy Assign account managers (4c6df5ff-4ef2-4f17-a516-0da9189c603b)
add Policy Develop contingency planning policies and procedures (75b42dcf-7840-1271-260b-852273d7906e)
add Policy Perform security function verification at a defined frequency (f30edfad-4e1d-1eef-27ee-9292d6d89842)
add Policy Review audit data (6625638f-3ba1-7404-5983-0ea33d719d34)
add Policy Transfer backup information to an alternate storage site (7bdb79ea-16b8-453e-4ca4-ad5b16012414)
add Policy Implement physical security for offices, working areas, and secure areas (05ec66a2-137c-14b8-8e75-3d7a2bef07f8)
add Policy Establish requirements for internet service providers (5f2e834d-7e40-a4d5-a216-e49b16955ccf)
add Policy Implement a penetration testing methodology (c2eabc28-1e5c-78a2-a712-7cc176c44c07)
add Policy Plan for resumption of essential business functions (7ded6497-815d-6506-242b-e043e0273928)
add Policy Establish a data leakage management procedure (3c9aa856-6b86-35dc-83f4-bc72cec74dea)
add Policy Define access authorizations to support separation of duties (341bc9f1-7489-07d9-4ec6-971573e1546a)
add Policy Determine supplier contract obligations (67ada943-8539-083d-35d0-7af648974125)
add Policy Authorize and manage access (50e9324a-7410-0539-0662-2c1e775538b7)
add Policy Create separate alternate and primary storage sites (81b6267b-97a7-9aa5-51ee-d2584a160424)
add Policy Audit privileged functions (f26af0b1-65b6-689a-a03f-352ad2d00f98)
add Policy Establish a privacy program (39eb03c1-97cc-11ab-0960-6209ed2869f7)
add Policy Establish security requirements for the manufacturing of connected devices (afbecd30-37ee-a27b-8e09-6ac49951a0ee)
add Policy Notify users of system logon or access (fe2dff43-0a8c-95df-0432-cb1c794b17d0)
add Policy Provide security training for new users (1cb7bf71-841c-4741-438a-67c65fdd7194)
add Policy Review user privileges (f96d2186-79df-262d-3f76-f371e3b71798)
add Policy Configure actions for noncompliant devices (b53aa659-513e-032c-52e6-1ce0ba46582f)
add Policy Protect audit information (0e696f5a-451f-5c15-5532-044136538491)
add Policy Review administrator assignments weekly (f27a298f-9443-014a-0d40-fef12adf0259)
add Policy Identify incident response personnel (037c0089-6606-2dab-49ad-437005b5035f)
add Policy Require developers to manage change integrity (b33d61c1-7463-7025-0ec0-a47585b59147)
add Policy Update antivirus definitions (ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65)
add Policy Review malware detections report weekly (4a6f5cbd-6c6b-006f-2bb1-091af1441bce)
add Policy Distribute policies and procedures (eff6e4a5-3efe-94dd-2ed1-25d56a019a82)
add Policy Determine auditable events (2f67e567-03db-9d1f-67dc-b6ffb91312f4)
add Policy Notify personnel of any failed security verification tests (18e9d748-73d4-0c96-55ab-b108bfbd5bc3)
add Policy Alert personnel of information spillage (9622aaa9-5c49-40e2-5bf8-660b7cd23deb)
add Policy Develop information security policies and procedures (af227964-5b8b-22a2-9364-06d2cb9d6d7c)
add Policy Implement an automated configuration management tool (33832848-42ab-63f3-1a55-c0ad309d44cd)
add Policy Notify when account is not needed (8489ff90-8d29-61df-2d84-f9ab0f4c5e84)
add Policy Establish conditions for role membership (97cfd944-6f0c-7db2-3796-8e890ef70819)
add Policy Identify and authenticate network devices (ae5345d5-8dab-086a-7290-db43a3272198)
add Policy Configure workstations to check for digital certificates (26daf649-22d1-97e9-2a8a-01b182194d59)
add Policy Rescreen individuals at a defined frequency (c6aeb800-0b19-944d-92dc-59b893722329)
add Policy Run simulation attacks (a8f9c283-9a66-3eb3-9e10-bdba95b85884)
add Policy Disseminate security alerts to personnel (9c93ef57-7000-63fb-9b74-88f2e17ca5d2)
add Policy Establish an alternate processing site (af5ff768-a34b-720e-1224-e6b3214f3ba6)
add Policy Enforce security configuration settings (058e9719-1ff9-3653-4230-23f76b6492e0)
add Policy Separately store backup information (fc26e2fd-3149-74b4-5988-d64bb90f8ef7)
add Policy Document remote access guidelines (3d492600-27ba-62cc-a1c3-66eb919f6a0d)
add Policy Review cloud service provider's compliance with policies and agreements (ffea18d9-13de-6505-37f3-4c1f88070ad7)
add Policy Document security documentation requirements in acquisition contract (a465e8e9-0095-85cb-a05f-1dd4960d02af)
add Policy Implement the risk management strategy (c6fe3856-4635-36b6-983c-070da12a953b)
add Policy Conduct risk assessment and document its results (1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68)
add Policy Create alternative actions for identified anomalies (cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2)
add Policy Review user groups and applications with access to sensitive data (eb1c944e-0e94-647b-9b7e-fdb8d2af0838)
add Policy Provide privacy training (518eafdd-08e5-37a9-795b-15a8d798056d)
add Policy Produce, control and distribute symmetric cryptographic keys (16c54e01-9e65-7524-7c33-beda48a75779)
add Policy Protect passwords with encryption (b2d3e5a2-97ab-5497-565a-71172a729d93)
add Policy Conduct Risk Assessment (677e1da4-00c3-287a-563d-f4a1cf9b99a0)
add Policy Document security functional requirements in acquisition contracts (57927290-8000-59bf-3776-90c468ac5b4b)
add Policy Establish policies for supply chain risk management (9150259b-617b-596d-3bf5-5ca3fce20335)
add Policy Manage a secure surveillance camera system (f2222056-062d-1060-6dc2-0107a68c34b2)
add Policy Manage symmetric cryptographic keys (9c276cf3-596f-581a-7fbd-f5e46edaa0f4)
add Policy Provide role-based practical exercises (d041726f-00e0-41ca-368c-b1a122066482)
add Policy Define and document government oversight (cbfa1bd0-714d-8d6f-0480-2ad6a53972df)
add Policy Manage the transportation of assets (4ac81669-00e2-9790-8648-71bc11bc91eb)
add Policy Obtain legal opinion for monitoring system activities (d9af7f88-686a-5a8b-704b-eafdab278977)
add Policy Perform a privacy impact assessment (d18af1ac-0086-4762-6dc8-87cdded90e39)
add Policy Require developers to build security architecture (f131c8c5-a54a-4888-1efc-158928924bc1)
add Policy Review cloud identity report overview (8aec4343-9153-9641-172c-defb201f56b3)
add Policy Document the protection of cardholder data in third party contracts (77acc53d-0f67-6e06-7d04-5750653d4629)
add Policy Resume all mission and business functions (91a54089-2d69-0f56-62dc-b6371a1671c0)
add Policy Establish and document a configuration management plan (526ed90e-890f-69e7-0386-ba5c0f1f784f)
add Policy Implement privileged access for executing vulnerability scanning activities (5b802722-71dd-a13d-2e7e-231e09589efb)
add Policy Establish alternate storage site that facilitates recovery operations (245fe58b-96f8-9f1e-48c5-7f49903f66fd)
add Policy Conduct a security impact analysis (203101f5-99a3-1491-1b56-acccd9b66a9e)
add Policy Review user accounts (79f081c7-1634-01a1-708e-376197999289)
add Policy Secure the interface to external systems (ff1efad2-6b09-54cc-01bf-d386c4d558a8)
add Policy Correlate audit records (10874318-0bf7-a41f-8463-03e395482080)
add Policy Use privileged identity management (e714b481-8fac-64a2-14a9-6f079b2501a4)
add Policy Retain previous versions of baseline configs (5e4e9685-3818-5934-0071-2620c4fa2ca5)
add Policy Coordinate contingency plans with related plans (c5784049-959f-6067-420c-f4cefae93076)
add Policy Employ automatic emergency lighting (aa892c0d-2c40-200c-0dd8-eac8c4748ede)
add Policy Provide role-based training on suspicious activities (f6794ab8-9a7d-3b24-76ab-265d3646232b)
add Policy Maintain incident response plan (37546841-8ea1-5be0-214d-8ac599588332)
add Policy Address information security issues (56fb5173-3865-5a5d-5fad-ae33e53e1577)
add Policy Isolate SecurID systems, Security Incident Management systems (dd6d00a8-701a-5935-a22b-c7b9c0c698b2)
add Policy Define a physical key management process (51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7)
add Policy Ensure external providers consistently meet interests of the customers (3eabed6d-1912-2d3c-858b-f438d08d0412)
add Policy Verify software, firmware and information integrity (db28735f-518f-870e-15b4-49623cbe3aa0)
add Policy Implement managed interface for each external service (b262e1dd-08e9-41d4-963a-258909ad794b)
add Policy Identify and manage downstream information exchanges (c7fddb0e-3f44-8635-2b35-dc6b8e740b7c)
add Policy Separate duties of individuals (60ee1260-97f0-61bb-8155-5d8b75743655)
add Policy Manage gateways (63f63e71-6c3f-9add-4c43-64de23e554a7)
add Policy Establish network segmentation for card holder data environment (f476f3b0-4152-526e-a209-44e5f8c968d7)
add Policy Automate process to document implemented changes (43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8)
add Policy Require external service providers to comply with security requirements (4e45863d-9ea9-32b4-a204-2680bc6007a6)
add Policy Review and update incident response policies and procedures (b28c8687-4bbd-8614-0b96-cdffa1ac6d9c)
add Policy Provide real-time alerts for audit event failures (0f4fa857-079d-9d3d-5c49-21f616189e03)
add Policy Perform a risk assessment (8c5d3d8d-5cba-0def-257c-5ab9ea9644dc)
add Policy Plan for continuance of essential business functions (d9edcea6-6cb8-0266-a48c-2061fbac4310)
add Policy Establish backup policies and procedures (4f23967c-a74b-9a09-9dc2-f566f61a87b9)
add Policy Document protection of security information in acquisition contracts (d78f95ba-870a-a500-6104-8a5ce2534f19)
add Policy Employ restrictions on external system interconnections (80029bc5-834f-3a9c-a2d8-acbc1aab4e9f)
add Policy Eradicate contaminated information (54a9c072-4a93-2a03-6a43-a060d30383d7)
add Policy Automate account management (2cc9c165-46bd-9762-5739-d2aae5ba90a1)
add Policy Authorize access to security functions and information (aeed863a-0f56-429f-945d-8bb66bd06841)
add Policy Review file and folder activity (ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba)
add Policy Maintain data breach records (0fd1ca29-677b-2f12-1879-639716459160)
add Policy Define cryptographic use (c4ccd607-702b-8ae6-8eeb-fc3339cd4b42)
add Policy Provide periodic role-based security training (9ac8621d-9acd-55bf-9f99-ee4212cc3d85)
add Policy Establish and document change control processes (bd4dc286-2f30-5b95-777c-681f3a7913d3)
add Policy Monitor privileged role assignment (ed87d27a-9abf-7c71-714c-61d881889da4)
add Policy Document security assurance requirements in acquisition contracts (13efd2d7-3980-a2a4-39d0-527180c009e8)
add Policy Protect wireless access (d42a8f69-a193-6cbc-48b9-04a9e29961f1)
add Policy Control information flow (59bedbdc-0ba9-39b9-66bb-1d1c192384e6)
add Policy Document protection of personal data in acquisition contracts (f9ec3263-9562-1768-65a1-729793635a8d)
add Policy Establish a configuration control board (7380631c-5bf5-0e3a-4509-0873becd8a63)
add Policy Implement system boundary protection (01ae60e2-38bb-0a32-7b20-d3a091423409)
add Policy Employ boundary protection to isolate information systems (311802f9-098d-0659-245a-94c5d47c0182)
add Policy Install an alarm system (aa0ddd99-43eb-302d-3f8f-42b499182960)
add Policy Distribute authenticators (098dcde7-016a-06c3-0985-0daaf3301d3a)
add Policy Enforce logical access (10c4210b-3ec9-9603-050d-77e4d26c7ebb)
add Policy Route traffic through managed network access points (bab9ef1d-a16d-421a-822d-3fa94e808156)
add Policy Adopt biometric authentication mechanisms (7d7a8356-5c34-9a95-3118-1424cfaf192a)
add Policy Require developers to produce evidence of security assessment plan execution (f8a63511-66f1-503f-196d-d6217ee0823a)
add Policy Document mobility training (83dfb2b8-678b-20a0-4c44-5c75ada023e6)
add Policy Establish a risk management strategy (d36700f2-2f0d-7c2a-059c-bdadd1d79f70)
add Policy Restrict access to privileged accounts (873895e8-0e3a-6492-42e9-22cd030e9fcd)
add Policy Reassign or remove user privileges as needed (7805a343-275c-41be-9d62-7215b96212d8)
add Policy Establish an information security program (84245967-7882-54f6-2d34-85059f725b47)
add Policy Review exploit protection events (a30bd8e9-7064-312a-0e1f-e1b485d59f6e)
add Policy Incorporate flaw remediation into configuration management (34aac8b2-488a-2b96-7280-5b9b481a317a)
add Policy Provide updated security awareness training (d136ae80-54dd-321c-98b4-17acf4af2169)
add Policy Develop and maintain a vulnerability management standard (055da733-55c6-9e10-8194-c40731057ec4)
add Policy Check for privacy and security compliance before establishing internal connections (ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab)
add Policy Verify identity before distributing authenticators (72889284-15d2-90b2-4b39-a1e9541e1152)
add Policy Review role group changes weekly (70fe686f-1f91-7dab-11bf-bca4201e183b)
add Policy Establish alternate storage site to store and retrieve backup information (0a412110-3874-9f22-187a-c7a81c8a6704)
add Policy Automate proposed documented changes (5c40f27b-6791-18c5-3f85-7b863bd99c11)
add Policy Develop security safeguards (423f6d9c-0c73-9cc6-64f4-b52242490368)
add Policy Turn on sensors for endpoint security solution (5fc24b95-53f7-0ed1-2330-701b539b97fe)
add Policy Document security and privacy training activities (524e7136-9f6a-75ba-9089-501018151346)
add Policy Set automated notifications for new and trending cloud applications in your organization (af38215f-70c4-0cd6-40c2-c52d86690a45)
add Policy Establish firewall and router configuration standards (398fdbd8-56fd-274d-35c6-fa2d3b2755a1)
add Policy Document security operations (2c6bee3a-2180-2430-440d-db3c7a849870)
add Policy Provide contingency training (de936662-13dc-204c-75ec-1af80f994088)
add Policy Review controlled folder access events (f48b60c6-4b37-332f-7288-b6ea50d300eb)
add Policy Develop and maintain baseline configurations (2f20840e-7925-221c-725d-757442753e7c)
add Policy Implement parameters for memorized secret verifiers (3b30aa25-0f19-6c04-5ca4-bd3f880a763d)
add Policy Provide security awareness training for insider threats (9b8b05ec-3d21-215e-5d98-0f7cf0998202)
add Policy Implement personnel screening (e0c480bf-0d68-a42d-4cbb-b60f851f8716)
add Policy Remediate information system flaws (be38a620-000b-21cf-3cb3-ea151b704c3b)
add Policy Prepare alternate processing site for use as operational site (0f31d98d-5ce2-705b-4aa5-b4f6705110dd)
add Policy Enable network protection (8c255136-994b-9616-79f5-ae87810e0dcf)
add Policy Conduct backup of information system documentation (b269a749-705e-8bff-055a-147744675cdf)
add Policy Ensure alternate storage site safeguards are equivalent to primary site (178c8b7e-1b6e-4289-44dd-2f1526b678a1)
add Policy Authorize remote access (dad8a2e9-6f27-4fc2-8933-7e99fe700c9c)
add Policy Perform vulnerability scans (3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f)
add Policy Establish configuration management requirements for developers (8747b573-8294-86a0-8914-49e9b06a5ace)
add Policy Integrate cloud app security with a siem (9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9)
add Policy Enforce random unique session identifiers (c7d57a6a-7cc2-66c0-299f-83bf90558f5d)
add Policy Require developers to implement only approved changes (085467a6-9679-5c65-584a-f55acefd0d43)
add Policy Provide periodic security awareness training (516be556-1353-080d-2c2f-f46f000d5785)
add Policy Audit user account status (49c23d9b-02b0-0e42-4f94-e8cef1b8381b)
add Policy Document security strength requirements in acquisition contracts (ebb0ba89-6d8c-84a7-252b-7393881e43de)
add Policy Document the information system environment in acquisition contracts (c148208b-1a6f-a4ac-7abc-23b1d41121b1)
add Policy View and investigate restricted users (98145a9b-428a-7e81-9d14-ebb154a24f93)
add Policy Employ flow control mechanisms of encrypted information (79365f13-8ba4-1f6c-2ac4-aa39929f56d0)
add Policy Develop contingency plan (aa305b4d-8c84-1754-0c74-dec004e66be0)
add Policy Establish requirements for audit review and reporting (b3c8cc83-20d3-3890-8bc8-5568777670f4)
add Policy Undergo independent security review (9b55929b-0101-47c0-a16e-d6ac5c7d21f8)
add Policy Document requirements for the use of shared data in contracts (0ba211ef-0e85-2a45-17fc-401d1b3f8f85)
add Policy View and configure system diagnostic data (0123edae-3567-a05a-9b05-b53ebe9d3e7e)
add Policy Authorize, monitor, and control voip (e4e1f896-8a93-1151-43c7-0ad23b081ee2)
add Policy Address coding vulnerabilities (318b2bd9-9c39-9f8b-46a7-048401f33476)
add Policy Design an access control model (03b6427e-6072-4226-4bd9-a410ab65317e)
add Policy Identify classes of Incidents and Actions taken (23d1a569-2d1e-7f43-9e22-1f94115b7dd5)
add Policy Information flow control using security policy filters (13ef3484-3a51-785a-9c96-500f21f84edd)
add Policy Monitor account activity (7b28ba4f-0a87-46ac-62e1-46b7c09202a8)
add Policy Define and enforce conditions for shared and group accounts (f7eb1d0b-6d4f-2d59-1591-7563e11a9313)
add Policy Establish procedures for initial authenticator distribution (35963d41-4263-0ef9-98d5-70eb058f9e3c)
add Policy Incorporate simulated events into incident response training (1fdeb7c4-4c93-8271-a135-17ebe85f1cc7)
add Policy Provide security training before providing access (2b05dca2-25ec-9335-495c-29155f785082)
add Policy Produce, control and distribute asymmetric cryptographic keys (de077e7e-0cc8-65a6-6e08-9ab46c827b05)
add Policy Execute actions in response to information spills (ba78efc6-795c-64f4-7a02-91effbd34af9)
add Policy Correlate Vulnerability scan information (e3905a3c-97e7-0b4f-15fb-465c0927536f)
add Policy Issue public key certificates (97d91b33-7050-237b-3e23-a77d57d84e13)
add Policy Use automated mechanisms for security alerts (b8689b2e-4308-a58b-a0b4-6f3343a000df)
add Policy Establish and maintain an asset inventory (27965e62-141f-8cca-426f-d09514ee5216)
add Policy Monitor access across the organization (48c816c5-2190-61fc-8806-25d6f3df162f)
add Policy Review and update physical and environmental policies and procedures (91cf132e-0c9f-37a8-a523-dc6a92cd2fb2)
add Policy Control physical access (55a7f9a0-6397-7589-05ef-5ed59a8149e7)
add Policy Reauthenticate or terminate a user session (d6653f89-7cb5-24a4-9d71-51581038231b)
add Policy Document access privileges (a08b18c7-9e0a-89f1-3696-d80902196719)
add Policy Conduct risk assessment and distribute its results (d7c1ecc3-2980-a079-1569-91aec8ac4a77)
add Policy Define organizational requirements for cryptographic key management (d661e9eb-4e15-5ba1-6f02-cdc467db0d6c)
add Policy Employ automatic shutdown/restart when violations are detected (1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4)
add Policy Establish authenticator types and processes (921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0)
add Policy Implement incident handling (433de59e-7a53-a766-02c2-f80f8421469a)
add Policy Develop an incident response plan (2b4e134f-1e4c-2bff-573e-082d85479b6e)
add Policy Manage authenticator lifetime and reuse (29363ae1-68cd-01ca-799d-92c9197c8404)
add Policy Perform threat modeling (bf883b14-9c19-0f37-8825-5e39a8b66d5b)
add Policy Restore resources to operational state (f801d58e-5659-9a4a-6e8d-02c9334732e5)
add Policy Maintain availability of information (3ad7f0bc-3d03-0585-4d24-529779bb02c2)
add Policy Detect network services that have not been authorized or approved (86ecd378-a3a0-5d5b-207c-05e6aaca43fc)
Version change: '1.0.0-preview' to '2.0.0'
Name change: '[Preview]: SWIFT CSP-CSCF v2022' to 'SWIFT CSP-CSCF v2022'
2022-09-21 16:34:39 Description change: 'This initiative includes policies that address a subset of the SWIFT Customer Security Program's Customer Security Controls Framework v2022 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2022-init.' to 'SWIFT's Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF). These policies address a subset of SWIFT controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/swift-cscf-v2021'
2022-06-16 16:34:43 add Initiative 7bc7cd6c-4114-ff31-3cac-59be3157596d
Policy count Total Policies: 344
Builtin Policies: 344
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
[Preview]: Log Analytics Extension should be enabled for listed virtual machine images 32133ab0-ee4b-4b44-98d6-042180979d50 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
[Preview]: Network traffic data collection agent should be installed on Linux virtual machines 04c4380f-3fae-46e8-96c9-30193528f602 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
[Preview]: Network traffic data collection agent should be installed on Windows virtual machines 2f2ee1de-44aa-4762-b6bd-0893fc3f306d Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Activity log should be retained for at least one year b02aacc0-b073-424e-8298-42b22829ee0a Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Adaptive application controls for defining safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Adaptive network hardening recommendations should be applied on internet facing virtual machines 08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed
modify
1 Contributor GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed
modify
1 Contributor GA
Address coding vulnerabilities 318b2bd9-9c39-9f8b-46a7-048401f33476 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Address information security issues 56fb5173-3865-5a5d-5fad-ae33e53e1577 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Adopt biometric authentication mechanisms 7d7a8356-5c34-9a95-3118-1424cfaf192a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Alert personnel of information spillage 9622aaa9-5c49-40e2-5bf8-660b7cd23deb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Allowlist rules in your adaptive application control policy should be updated 123a3936-f020-408a-ba0c-47873faf1534 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should have resource logs enabled 91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should use a virtual network service endpoint 2d21331d-a4c2-4def-a9ad-ee4e1e023beb Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Assess information security events 37b0045b-3887-367b-8b4d-b9a6fa911bb9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assess risk in third party relationships 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign account managers 4c6df5ff-4ef2-4f17-a516-0da9189c603b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit privileged functions f26af0b1-65b6-689a-a03f-352ad2d00f98 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit user account status 49c23d9b-02b0-0e42-4f94-e8cef1b8381b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit virtual machines without disaster recovery configured 0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Compute Fixed
auditIfNotExists
0 GA
Audit VMs that do not use managed disks 06a78e20-9358-41c9-923c-fb736d382a4d Compute Fixed
audit
0 GA
Audit Windows machines that allow re-use of the previous 24 passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that contain certificates expiring within the specified number of days 1417908b-4bff-46ee-a2a6-4acc899320ab Guest Configuration Fixed
auditIfNotExists
0 GA
Audit Windows machines that do not have a maximum password age of 70 days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not have a minimum password age of 1 day 237b38db-ca4d-4259-9e47-7882441ca2c0 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not restrict the minimum password length to 14 characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows VMs with a pending reboot 4221adbc-5c0f-474f-88b7-037a99e6114c Guest Configuration Fixed
auditIfNotExists
0 GA
Authentication to Linux machines should require SSH keys 630c64f9-8b6b-4c64-b511-6544ceff6fd6 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Authorize access to security functions and information aeed863a-0f56-429f-945d-8bb66bd06841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize and manage access 50e9324a-7410-0539-0662-2c1e775538b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize remote access dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize, monitor, and control voip e4e1f896-8a93-1151-43c7-0ad23b081ee2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Auto provisioning of the Log Analytics agent should be enabled on your subscription 475aae12-b88a-4572-8b36-9b712b2b3a17 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Automate account management 2cc9c165-46bd-9762-5739-d2aae5ba90a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to document implemented changes 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to highlight unreviewed change proposals 92b49e92-570f-1765-804a-378e6c592e28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate proposed documented changes 5c40f27b-6791-18c5-3f85-7b863bd99c11 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d Backup Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure DDoS Protection Standard should be enabled a7aca53f-2ed4-4466-a25e-0b45ade68efd Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for App Service should be enabled 2913021d-f2fd-4f3d-b958-22354e2bdbcb Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for Key Vault should be enabled 0e6763cc-5078-4e64-889d-ff4d9a839047 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for servers should be enabled 4da35fc9-c9e7-4960-aec9-797fe7d9051d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for Storage should be enabled 308fbb08-4ab8-4e67-9b29-592e93fb94fa Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Key Vault should have firewall enabled 55615ac9-af46-4a59-874e-391cc3dfb490 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' 1a4e592a-6a6e-44a5-9814-e36264ca96e7 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) ea0dfaed-95fb-448c-934e-d6e713ce393d Monitoring Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Azure Monitor Logs clusters should be encrypted with customer-managed key 1f68a601-6e6d-4e42-babf-3f643a047ea2 Monitoring Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace d550e854-df1a-4de9-bf44-cd894b39a95e Monitoring Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Azure Monitor should collect activity logs from all regions 41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Monitor solution 'Security and Audit' must be deployed 3e596b57-105f-48a6-be97-03e9243bad6e Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Block untrusted and unsigned processes that run from USB 3d399cf3-8fc6-0efc-6ab0-1412f1198517 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Check for privacy and security compliance before establishing internal connections ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Clear personnel with access to classified information c42f19c9-5d88-92da-0742-371a0ea03126 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct a security impact analysis 203101f5-99a3-1491-1b56-acccd9b66a9e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct backup of information system documentation b269a749-705e-8bff-055a-147744675cdf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct capacity planning 33602e78-35e3-4f06-17fb-13dd887448e4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct incident response testing 3545c827-26ee-282d-4629-23952a12008b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct Risk Assessment 677e1da4-00c3-287a-563d-f4a1cf9b99a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct risk assessment and distribute its results d7c1ecc3-2980-a079-1569-91aec8ac4a77 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct risk assessment and document its results 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure actions for noncompliant devices b53aa659-513e-032c-52e6-1ce0ba46582f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure workstations to check for digital certificates 26daf649-22d1-97e9-2a8a-01b182194d59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control information flow 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control physical access 55a7f9a0-6397-7589-05ef-5ed59a8149e7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Coordinate contingency plans with related plans c5784049-959f-6067-420c-f4cefae93076 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Correlate audit records 10874318-0bf7-a41f-8463-03e395482080 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Correlate Vulnerability scan information e3905a3c-97e7-0b4f-15fb-465c0927536f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create alternative actions for identified anomalies cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create separate alternate and primary storage sites 81b6267b-97a7-9aa5-51ee-d2584a160424 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define a physical key management process 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define access authorizations to support separation of duties 341bc9f1-7489-07d9-4ec6-971573e1546a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define and document government oversight cbfa1bd0-714d-8d6f-0480-2ad6a53972df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define and enforce conditions for shared and group accounts f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define cryptographic use c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define information system account types 623b5f0a-8cbd-03a6-4892-201d27302f0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define organizational requirements for cryptographic key management d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define requirements for supplying goods and services 2b2f3a72-9e68-3993-2b69-13dcdecf8958 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed
deployIfNotExists
1 Contributor GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed
deployIfNotExists
1 Contributor GA
Deprecated accounts should be removed from your subscription 6b1cbf55-e8b6-442f-ba4c-7246b6381474 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Deprecated accounts with owner permissions should be removed from your subscription ebb62a0c-3560-49e1-89ed-27e074e9f8ad Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Design an access control model 03b6427e-6072-4226-4bd9-a410ab65317e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Detect network services that have not been authorized or approved 86ecd378-a3a0-5d5b-207c-05e6aaca43fc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine assertion requirements 7a0ecd94-3699-5273-76a5-edb8499f655a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine auditable events 2f67e567-03db-9d1f-67dc-b6ffb91312f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine supplier contract obligations 67ada943-8539-083d-35d0-7af648974125 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop an incident response plan 2b4e134f-1e4c-2bff-573e-082d85479b6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and document a business continuity and disaster recovery plan bd6cbcba-4a2d-507c-53e3-296b5c238a8e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and document application security requirements 6de65dc4-8b4f-34b7-9290-eb137a2e2929 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and establish a system security plan b2ea1058-8998-3dd1-84f1-82132ad482fd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and maintain a vulnerability management standard 055da733-55c6-9e10-8194-c40731057ec4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and maintain baseline configurations 2f20840e-7925-221c-725d-757442753e7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop contingency plan aa305b4d-8c84-1754-0c74-dec004e66be0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop contingency planning policies and procedures 75b42dcf-7840-1271-260b-852273d7906e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop information security policies and procedures af227964-5b8b-22a2-9364-06d2cb9d6d7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop security safeguards 423f6d9c-0c73-9cc6-64f4-b52242490368 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Disable authenticators upon termination d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Disseminate security alerts to personnel 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Distribute authenticators 098dcde7-016a-06c3-0985-0daaf3301d3a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Distribute policies and procedures eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document access privileges a08b18c7-9e0a-89f1-3696-d80902196719 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document acquisition contract acceptance criteria 0803eaa7-671c-08a7-52fd-ac419f775e75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document and implement wireless access guidelines 04b3e7f6-4841-888d-4799-cda19a0084f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document mobility training 83dfb2b8-678b-20a0-4c44-5c75ada023e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document protection of personal data in acquisition contracts f9ec3263-9562-1768-65a1-729793635a8d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document protection of security information in acquisition contracts d78f95ba-870a-a500-6104-8a5ce2534f19 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document remote access guidelines 3d492600-27ba-62cc-a1c3-66eb919f6a0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document requirements for the use of shared data in contracts 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security and privacy training activities 524e7136-9f6a-75ba-9089-501018151346 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security assurance requirements in acquisition contracts 13efd2d7-3980-a2a4-39d0-527180c009e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security documentation requirements in acquisition contract a465e8e9-0095-85cb-a05f-1dd4960d02af Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security functional requirements in acquisition contracts 57927290-8000-59bf-3776-90c468ac5b4b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security operations 2c6bee3a-2180-2430-440d-db3c7a849870 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security strength requirements in acquisition contracts ebb0ba89-6d8c-84a7-252b-7393881e43de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document separation of duties e6f7b584-877a-0d69-77d4-ab8b923a9650 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the information system environment in acquisition contracts c148208b-1a6f-a4ac-7abc-23b1d41121b1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the protection of cardholder data in third party contracts 77acc53d-0f67-6e06-7d04-5750653d4629 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Email notification for high severity alerts should be enabled 6e2593d9-add6-4083-9c9b-4b7d2188c899 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Email notification to subscription owner for high severity alerts should be enabled 0b15565f-aa9e-48ba-8619-45960f2c314d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Employ automatic emergency lighting aa892c0d-2c40-200c-0dd8-eac8c4748ede Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ automatic shutdown/restart when violations are detected 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ boundary protection to isolate information systems 311802f9-098d-0659-245a-94c5d47c0182 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ flow control mechanisms of encrypted information 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ independent team for penetration testing 611ebc63-8600-50b6-a0e3-fef272457132 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ least privilege access 1bc7fd64-291f-028e-4ed6-6e07886e163f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ restrictions on external system interconnections 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable network protection 8c255136-994b-9616-79f5-ae87810e0dcf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Enforce logical access 10c4210b-3ec9-9603-050d-77e4d26c7ebb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce mandatory and discretionary access control policies b1666a13-8f67-9c47-155e-69e027ff6823 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce random unique session identifiers c7d57a6a-7cc2-66c0-299f-83bf90558f5d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce security configuration settings 058e9719-1ff9-3653-4230-23f76b6492e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure access agreements are signed or resigned timely e7589f4e-1e8b-72c2-3692-1e14d7f3699f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure alternate storage site safeguards are equivalent to primary site 178c8b7e-1b6e-4289-44dd-2f1526b678a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure external providers consistently meet interests of the customers 3eabed6d-1912-2d3c-858b-f438d08d0412 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Eradicate contaminated information 54a9c072-4a93-2a03-6a43-a060d30383d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a configuration control board 7380631c-5bf5-0e3a-4509-0873becd8a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a data leakage management procedure 3c9aa856-6b86-35dc-83f4-bc72cec74dea Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a password policy d8bbd80e-3bb1-5983-06c2-428526ec6a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a privacy program 39eb03c1-97cc-11ab-0960-6209ed2869f7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a risk management strategy d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a secure software development program e750ca06-1824-464a-2cf3-d0fa754d1cb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish alternate storage site that facilitates recovery operations 245fe58b-96f8-9f1e-48c5-7f49903f66fd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish alternate storage site to store and retrieve backup information 0a412110-3874-9f22-187a-c7a81c8a6704 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish an alternate processing site af5ff768-a34b-720e-1224-e6b3214f3ba6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish an information security program 84245967-7882-54f6-2d34-85059f725b47 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and document a configuration management plan 526ed90e-890f-69e7-0386-ba5c0f1f784f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and document change control processes bd4dc286-2f30-5b95-777c-681f3a7913d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and maintain an asset inventory 27965e62-141f-8cca-426f-d09514ee5216 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish authenticator types and processes 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish backup policies and procedures 4f23967c-a74b-9a09-9dc2-f566f61a87b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish conditions for role membership 97cfd944-6f0c-7db2-3796-8e890ef70819 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish configuration management requirements for developers 8747b573-8294-86a0-8914-49e9b06a5ace Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish firewall and router configuration standards 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish network segmentation for card holder data environment f476f3b0-4152-526e-a209-44e5f8c968d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish policies for supply chain risk management 9150259b-617b-596d-3bf5-5ca3fce20335 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish procedures for initial authenticator distribution 35963d41-4263-0ef9-98d5-70eb058f9e3c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish relationship between incident response capability and external providers b470a37a-7a47-3792-34dd-7a793140702e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish requirements for audit review and reporting b3c8cc83-20d3-3890-8bc8-5568777670f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish requirements for internet service providers 5f2e834d-7e40-a4d5-a216-e49b16955ccf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish security requirements for the manufacturing of connected devices afbecd30-37ee-a27b-8e09-6ac49951a0ee Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Execute actions in response to information spills ba78efc6-795c-64f4-7a02-91effbd34af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
External accounts with read permissions should be removed from your subscription 5f76cf89-fbf2-47fd-a3f4-b891fa780b60 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
External accounts with write permissions should be removed from your subscription 5c607a2e-c700-4744-8254-d77e7c9eb5e4 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Flow logs should be configured for every network security group c251913d-7d24-4958-af87-478ed3b9ba41 Network Default
Audit
Allowed
Audit, Disabled
0 GA
Flow logs should be enabled for every network security group 27960feb-a23c-4577-8d36-ef8b5f35e0be Network Default
Audit
Allowed
Audit, Disabled
0 GA
Geo-redundant storage should be enabled for Storage Accounts bf045164-79ba-4215-8f95-f8048dc1780b Storage Default
Audit
Allowed
Audit, Disabled
0 GA
Identify and authenticate network devices ae5345d5-8dab-086a-7290-db43a3272198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and manage downstream information exchanges c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and mitigate potential issues at alternate storage site 13939f8c-4cd5-a6db-9af4-9dfec35e3722 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify classes of Incidents and Actions taken 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify incident response personnel 037c0089-6606-2dab-49ad-437005b5035f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement a penetration testing methodology c2eabc28-1e5c-78a2-a712-7cc176c44c07 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement an automated configuration management tool 33832848-42ab-63f3-1a55-c0ad309d44cd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement controls to secure all media e435f7e3-0dd9-58c9-451f-9b44b96c0232 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement controls to secure alternate work sites cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement incident handling 433de59e-7a53-a766-02c2-f80f8421469a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement managed interface for each external service b262e1dd-08e9-41d4-963a-258909ad794b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement parameters for memorized secret verifiers 3b30aa25-0f19-6c04-5ca4-bd3f880a763d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement personnel screening e0c480bf-0d68-a42d-4cbb-b60f851f8716 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement physical security for offices, working areas, and secure areas 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement privileged access for executing vulnerability scanning activities 5b802722-71dd-a13d-2e7e-231e09589efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement security engineering principles of information systems df2e9507-169b-4114-3a52-877561ee3198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement system boundary protection 01ae60e2-38bb-0a32-7b20-d3a091423409 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement the risk management strategy c6fe3856-4635-36b6-983c-070da12a953b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate flaw remediation into configuration management 34aac8b2-488a-2b96-7280-5b9b481a317a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate simulated events into incident response training 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Information flow control using security policy filters 13ef3484-3a51-785a-9c96-500f21f84edd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Install an alarm system aa0ddd99-43eb-302d-3f8f-42b499182960 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate audit review, analysis, and reporting f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate cloud app security with a siem 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
IP Forwarding on your virtual machine should be disabled bd352bd5-2853-4985-bf0d-73806b4a5744 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Isolate SecurID systems, Security Incident Management systems dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Issue public key certificates 97d91b33-7050-237b-3e23-a77d57d84e13 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Key Vault should use a virtual network service endpoint ea4d6841-2173-4317-9747-ff522a45120f Network Default
Audit
Allowed
Audit, Disabled
0 GA
Key vaults should have purge protection enabled 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images 5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Maintain availability of information 3ad7f0bc-3d03-0585-4d24-529779bb02c2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain data breach records 0fd1ca29-677b-2f12-1879-639716459160 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain incident response plan 37546841-8ea1-5be0-214d-8ac599588332 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage a secure surveillance camera system f2222056-062d-1060-6dc2-0107a68c34b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage authenticator lifetime and reuse 29363ae1-68cd-01ca-799d-92c9197c8404 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage gateways 63f63e71-6c3f-9add-4c43-64de23e554a7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage symmetric cryptographic keys 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage system and admin accounts 34d38ea7-6754-1838-7031-d7fd07099821 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage the transportation of assets 4ac81669-00e2-9790-8648-71bc11bc91eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
MFA should be enabled for accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Antimalware for Azure should be configured to automatically update protection signatures c43e4a30-77cb-48ab-a4dd-93f175c63b57 Compute Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft IaaSAntimalware extension should be deployed on Windows servers 9b597639-28e4-48eb-b506-56b05d366257 Compute Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Monitor access across the organization 48c816c5-2190-61fc-8806-25d6f3df162f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor account activity 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Monitor privileged role assignment ed87d27a-9abf-7c71-714c-61d881889da4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Network Watcher flow logs should have traffic analytics enabled 2f080164-9f4d-497e-9db6-416dc9f7b48a Network Default
Audit
Allowed
Audit, Disabled
0 GA
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Non-internet-facing virtual machines should be protected with network security groups bb91dfba-c30d-4263-9add-9c2384e659a6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Notify personnel of any failed security verification tests 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify users of system logon or access fe2dff43-0a8c-95df-0432-cb1c794b17d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify when account is not needed 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Observe and report security weaknesses ff136354-1c92-76dc-2dab-80fb7c6a9f1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain legal opinion for monitoring system activities d9af7f88-686a-5a8b-704b-eafdab278977 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a privacy impact assessment d18af1ac-0086-4762-6dc8-87cdded90e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a risk assessment 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a trend analysis on threats 50e81644-923d-33fc-6ebb-9733bc8d1a06 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform audit for configuration change control 1282809c-9001-176b-4a81-260a085f4872 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform security function verification at a defined frequency f30edfad-4e1d-1eef-27ee-9292d6d89842 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform threat modeling bf883b14-9c19-0f37-8825-5e39a8b66d5b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform vulnerability scans 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Plan for continuance of essential business functions d9edcea6-6cb8-0266-a48c-2061fbac4310 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Plan for resumption of essential business functions 7ded6497-815d-6506-242b-e043e0273928 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prepare alternate processing site for use as operational site 0f31d98d-5ce2-705b-4aa5-b4f6705110dd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce, control and distribute asymmetric cryptographic keys de077e7e-0cc8-65a6-6e08-9ab46c827b05 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce, control and distribute symmetric cryptographic keys 16c54e01-9e65-7524-7c33-beda48a75779 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect audit information 0e696f5a-451f-5c15-5532-044136538491 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect data in transit using encryption b11697e8-9515-16f1-7a35-477d5c8a1344 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect incident response plan 2401b496-7f23-79b2-9f80-89bb5abf3d4a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect passwords with encryption b2d3e5a2-97ab-5497-565a-71172a729d93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect special information a315c657-4a00-8eba-15ac-44692ad24423 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect wireless access d42a8f69-a193-6cbc-48b9-04a9e29961f1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide contingency training de936662-13dc-204c-75ec-1af80f994088 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide information spillage training 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide monitoring information as needed 7fc1f0da-0050-19bb-3d75-81ae15940df6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic role-based security training 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic security awareness training 516be556-1353-080d-2c2f-f46f000d5785 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy training 518eafdd-08e5-37a9-795b-15a8d798056d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide real-time alerts for audit event failures 0f4fa857-079d-9d3d-5c49-21f616189e03 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based practical exercises d041726f-00e0-41ca-368c-b1a122066482 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based security training 4c385143-09fd-3a34-790c-a5fd9ec77ddc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based training on suspicious activities f6794ab8-9a7d-3b24-76ab-265d3646232b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security awareness training for insider threats 9b8b05ec-3d21-215e-5d98-0f7cf0998202 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training before providing access 2b05dca2-25ec-9335-495c-29155f785082 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training for new users 1cb7bf71-841c-4741-438a-67c65fdd7194 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide updated security awareness training d136ae80-54dd-321c-98b4-17acf4af2169 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reassign or remove user privileges as needed 7805a343-275c-41be-9d62-7215b96212d8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reauthenticate or terminate a user session d6653f89-7cb5-24a4-9d71-51581038231b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Recover and reconstitute resources after any disruption f33c3238-11d2-508c-877c-4262ec1132e1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Remediate information system flaws be38a620-000b-21cf-3cb3-ea151b704c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require approval for account creation de770ba6-50dd-a316-2932-e0d972eaa734 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to build security architecture f131c8c5-a54a-4888-1efc-158928924bc1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to document approved changes and potential impact 3a868d0c-538f-968b-0191-bddb44da5b75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to implement only approved changes 085467a6-9679-5c65-584a-f55acefd0d43 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to manage change integrity b33d61c1-7463-7025-0ec0-a47585b59147 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to produce evidence of security assessment plan execution f8a63511-66f1-503f-196d-d6217ee0823a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require external service providers to comply with security requirements 4e45863d-9ea9-32b4-a204-2680bc6007a6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Rescreen individuals at a defined frequency c6aeb800-0b19-944d-92dc-59b893722329 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Resource logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d Batch Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21 Key Vault Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d Logic Apps Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4 Search Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Service Bus Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Virtual Machine Scale Sets should be enabled 7c1b1214-f927-48bf-8882-84f0af6588b1 Compute Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Restore resources to operational state f801d58e-5659-9a4a-6e8d-02c9334732e5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict access to private keys 8d140e8b-76c7-77de-1d46-ed1b2e112444 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict access to privileged accounts 873895e8-0e3a-6492-42e9-22cd030e9fcd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Resume all mission and business functions 91a54089-2d69-0f56-62dc-b6371a1671c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain previous versions of baseline configs 5e4e9685-3818-5934-0071-2620c4fa2ca5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review account provisioning logs a830fe9e-08c9-a4fb-420c-6f6bf1702395 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review administrator assignments weekly f27a298f-9443-014a-0d40-fef12adf0259 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update incident response policies and procedures b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update physical and environmental policies and procedures 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update risk assessment policies and procedures 20012034-96f0-85c2-4a86-1ae1eb457802 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review audit data 6625638f-3ba1-7404-5983-0ea33d719d34 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review cloud identity report overview 8aec4343-9153-9641-172c-defb201f56b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review cloud service provider's compliance with policies and agreements ffea18d9-13de-6505-37f3-4c1f88070ad7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review controlled folder access events f48b60c6-4b37-332f-7288-b6ea50d300eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review exploit protection events a30bd8e9-7064-312a-0e1f-e1b485d59f6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review file and folder activity ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review malware detections report weekly 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review role group changes weekly 70fe686f-1f91-7dab-11bf-bca4201e183b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user accounts 79f081c7-1634-01a1-708e-376197999289 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user groups and applications with access to sensitive data eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user privileges f96d2186-79df-262d-3f76-f371e3b71798 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Revoke privileged roles as appropriate 32f22cfa-770b-057c-965b-450898425519 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Route traffic through managed network access points bab9ef1d-a16d-421a-822d-3fa94e808156 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Run simulation attacks a8f9c283-9a66-3eb3-9e10-bdba95b85884 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption fa298e57-9444-42ba-bf04-86e8470e32c7 Monitoring Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Secure the interface to external systems ff1efad2-6b09-54cc-01bf-d386c4d558a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Separate duties of individuals 60ee1260-97f0-61bb-8155-5d8b75743655 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separately store backup information fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Set automated notifications for new and trending cloud applications in your organization af38215f-70c4-0cd6-40c2-c52d86690a45 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Storage account containing the container with activity logs must be encrypted with BYOK fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Storage Accounts should use a virtual network service endpoint 60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Network Default
Audit
Allowed
Audit, Disabled
0 GA
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
System updates on virtual machine scale sets should be installed c3f317a7-a95c-4547-b7e7-11017ebdf2fe Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
The Log Analytics extension should be installed on Virtual Machine Scale Sets efbde977-ba53-4479-b8e9-10b957924fbf Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Transfer backup information to an alternate storage site 7bdb79ea-16b8-453e-4ca4-ad5b16012414 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Turn on sensors for endpoint security solution 5fc24b95-53f7-0ed1-2330-701b539b97fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Undergo independent security review 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update antivirus definitions ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use automated mechanisms for security alerts b8689b2e-4308-a58b-a0b4-6f3343a000df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use privileged identity management e714b481-8fac-64a2-14a9-6f079b2501a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify identity before distributing authenticators 72889284-15d2-90b2-4b39-a1e9541e1152 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify software, firmware and information integrity db28735f-518f-870e-15b4-49623cbe3aa0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and configure system diagnostic data 0123edae-3567-a05a-9b05-b53ebe9d3e7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and investigate restricted users 98145a9b-428a-7e81-9d14-ebb154a24f93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Virtual machines should have the Log Analytics extension installed a70ca396-0a34-413a-88e1-b956c1e683be Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
VM Image Builder templates should use private link 2154edb9-244f-4741-9970-660785bccdaa VM Image Builder Default
Audit
Allowed
Audit, Disabled, Deny
0 GA
Vulnerabilities in container security configurations should be remediated e8cbc669-f12d-49eb-93e7-9273119e9933 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerabilities in security configuration on your machines should be remediated e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated 3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Security Options - Interactive Logon' d472d2c9-d6a3-4500-9f5f-b15f123005aa Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows web servers should be configured to use secure communication protocols 5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Roles used Total Roles usage: 4
Total Roles unique usage: 1
Role Role Id Policies count Policies
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 4 Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs
JSON