last sync: 2022-Dec-02 17:43:04 UTC

Azure Policy Initiative

HITRUST/HIPAA

NameHITRUST/HIPAA
Azure Portal
Ida169a624-5599-4385-a696-c8d643089fab
Version14.0.0
details on versioning
CategoryRegulatory Compliance
Microsoft docs
DescriptionHealth Information Trust Alliance (HITRUST) helps organizations from all sectors-but especially healthcare-effectively manage data, information risk, and compliance. HITRUST certification means that the organization has undergone a thorough assessment of the information security program. These policies address a subset of HITRUST controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/hipaa-hitrust-9-2
TypeBuiltIn
DeprecatedFalse
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2022-09-27 16:35:21 add Policy Coordinate with external organizations to achieve cross org perspective (d4e6a629-28eb-79a9-000b-88030e4823ca)
add Policy Implement security directives (26d178a4-9261-6f04-a100-47ed85314c6e)
add Policy Reassign or remove user privileges as needed (7805a343-275c-41be-9d62-7215b96212d8)
add Policy Review and update identification and authentication policies and procedures (29acfac0-4bb4-121b-8283-8943198b1549)
add Policy Configure actions for noncompliant devices (b53aa659-513e-032c-52e6-1ce0ba46582f)
add Policy Review threat protection status weekly (fad161f5-5261-401a-22dd-e037bae011bd)
add Policy Review user groups and applications with access to sensitive data (eb1c944e-0e94-647b-9b7e-fdb8d2af0838)
add Policy Specify permitted actions associated with customer audit information (3eecf628-a1c8-1b48-1b5c-7ca781e97970)
add Policy Enforce random unique session identifiers (c7d57a6a-7cc2-66c0-299f-83bf90558f5d)
add Policy Update contingency plan (14a4fd0a-9100-1e12-1362-792014a28155)
add Policy Conduct risk assessment and document its results (1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68)
add Policy Set automated notifications for new and trending cloud applications in your organization (af38215f-70c4-0cd6-40c2-c52d86690a45)
add Policy Employ restrictions on external system interconnections (80029bc5-834f-3a9c-a2d8-acbc1aab4e9f)
add Policy Document organizational access agreements (c981fa70-2e58-8141-1457-e7f62ebc2ade)
add Policy Develop and document application security requirements (6de65dc4-8b4f-34b7-9290-eb137a2e2929)
add Policy Record disclosures of PII to third parties (8b1da407-5e60-5037-612e-2caa1b590719)
add Policy Review and update incident response policies and procedures (b28c8687-4bbd-8614-0b96-cdffa1ac6d9c)
add Policy Employ FIPS 201-approved technology for PIV (8b333332-6efd-7c0d-5a9f-d1eb95105214)
add Policy Create separate alternate and primary storage sites (81b6267b-97a7-9aa5-51ee-d2584a160424)
add Policy Appoint a senior information security officer (c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928)
add Policy Limit privileges to make changes in production environment (2af551d5-1775-326a-0589-590bfb7e9eb2)
add Policy Retain terminated user data (7c7032fe-9ce6-9092-5890-87a1a3755db1)
add Policy Require developers to provide training (676c3c35-3c36-612c-9523-36d266a65000)
add Policy Provide contingency training (de936662-13dc-204c-75ec-1af80f994088)
add Policy Issue public key certificates (97d91b33-7050-237b-3e23-a77d57d84e13)
add Policy Define a physical key management process (51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7)
add Policy Establish a discrete line item in budgeting documentation (06af77de-02ca-0f3e-838a-a9420fe466f5)
add Policy Undergo independent security review (9b55929b-0101-47c0-a16e-d6ac5c7d21f8)
add Policy Manage contacts for authorities and special interest groups (5269d7e4-3768-501d-7e46-66c56c15622c)
add Policy Evaluate and review PII holdings regularly (b6b32f80-a133-7600-301e-398d688e7e0c)
add Policy Authenticate to cryptographic module (6f1de470-79f3-1572-866e-db0771352fc8)
add Policy Terminate user session automatically (4502e506-5f35-0df4-684f-b326e3cc7093)
add Policy Audit privileged functions (f26af0b1-65b6-689a-a03f-352ad2d00f98)
add Policy Issue guidelines for ensuring data quality and integrity (0a24f5dc-8c40-94a7-7aee-bb7cd4781d37)
add Policy Assign risk designations (b7897ddc-9716-2460-96f7-7757ad038cc4)
add Policy Review label activity and analytics (e23444b9-9662-40f3-289e-6d25c02b48fa)
add Policy Update interconnection security agreements (d48a6f19-a284-6fc6-0623-3367a74d3f50)
add Policy Identify and mitigate potential issues at alternate storage site (13939f8c-4cd5-a6db-9af4-9dfec35e3722)
add Policy Define and enforce conditions for shared and group accounts (f7eb1d0b-6d4f-2d59-1591-7563e11a9313)
add Policy Retain training records (3153d9c0-2584-14d3-362d-578b01358aeb)
add Policy Remove or redact any PII (94c842e3-8098-38f9-6d3f-8872b790527d)
add Policy Deliver security assessment results (8e49107c-3338-40d1-02aa-d524178a2afe)
add Policy Block untrusted and unsigned processes that run from USB (3d399cf3-8fc6-0efc-6ab0-1412f1198517)
add Policy Manage availability and capacity (edcc36f1-511b-81e0-7125-abee29752fe7)
add Policy Document remote access guidelines (3d492600-27ba-62cc-a1c3-66eb919f6a0d)
add Policy Route traffic through managed network access points (bab9ef1d-a16d-421a-822d-3fa94e808156)
add Policy Enforce appropriate usage of all accounts (fd81a1b3-2d7a-107c-507e-29b87d040c19)
add Policy Assess information security events (37b0045b-3887-367b-8b4d-b9a6fa911bb9)
add Policy Enforce software execution privileges (68d2e478-3b19-23eb-1357-31b296547457)
add Policy Establish requirements for audit review and reporting (b3c8cc83-20d3-3890-8bc8-5568777670f4)
add Policy Establish a threat intelligence program (b0e3035d-6366-2e37-796e-8bcab9c649e6)
add Policy Review user accounts (79f081c7-1634-01a1-708e-376197999289)
add Policy Modify access authorizations upon personnel transfer (979ed3b6-83f9-26bc-4b86-5b05464700bf)
add Policy Employ independent assessors to conduct security control assessments (b65c5d8e-9043-9612-2c17-65f231d763bb)
add Policy Review security testing, training, and monitoring plans (c3b3cc61-9c70-5d78-7f12-1aefcc477db7)
add Policy Establish voip usage restrictions (68a39c2b-0f17-69ee-37a3-aa10f9853a08)
add Policy Ensure there are no unencrypted static authenticators (eda0cbb7-6043-05bf-645b-67411f1a59b3)
add Policy Establish and maintain an asset inventory (27965e62-141f-8cca-426f-d09514ee5216)
add Policy Accept assessment results (3054c74b-9b45-2581-56cf-053a1a716c39)
add Policy Identify classes of Incidents and Actions taken (23d1a569-2d1e-7f43-9e22-1f94115b7dd5)
add Policy Establish procedures for initial authenticator distribution (35963d41-4263-0ef9-98d5-70eb058f9e3c)
add Policy Restrict communications (5020f3f4-a579-2f28-72a8-283c5a0b15f9)
add Policy Execute actions in response to information spills (ba78efc6-795c-64f4-7a02-91effbd34af9)
add Policy Review role group changes weekly (70fe686f-1f91-7dab-11bf-bca4201e183b)
add Policy Monitor account activity (7b28ba4f-0a87-46ac-62e1-46b7c09202a8)
add Policy Update organizational access agreements (e21f91d1-2803-0282-5f2d-26ebc4b170ef)
add Policy Develop SSP that meets criteria (6b957f60-54cd-5752-44d5-ff5a64366c93)
add Policy Provide privacy notice (098a7b84-1031-66d8-4e78-bd15b5fd2efb)
add Policy Not allow for information systems to accompany with individuals (41172402-8d73-64c7-0921-909083c086b0)
add Policy Coordinate contingency plans with related plans (c5784049-959f-6067-420c-f4cefae93076)
add Policy Keep accurate accounting of disclosures of information (0bbfd658-93ab-6f5e-1e19-3c1c1da62d01)
add Policy Select additional testing for security control assessments (f78fc35e-1268-0bca-a798-afcba9d2330a)
add Policy Establish a privacy program (39eb03c1-97cc-11ab-0960-6209ed2869f7)
add Policy Review and update planning policies and procedures (28aa060e-25c7-6121-05d8-a846f11433df)
add Policy Document security documentation requirements in acquisition contract (a465e8e9-0095-85cb-a05f-1dd4960d02af)
add Policy Verify security functions (ece8bb17-4080-5127-915f-dc7267ee8549)
add Policy Manage Authenticators (4aacaec9-0628-272c-3e83-0d68446694e0)
add Policy Alert personnel of information spillage (9622aaa9-5c49-40e2-5bf8-660b7cd23deb)
add Policy Update POA&M items (cc057769-01d9-95ad-a36f-1e62a7f9540b)
add Policy Align business objectives and IT goals (ab02bb73-4ce1-89dd-3905-d93042809ba0)
add Policy Notify when account is not needed (8489ff90-8d29-61df-2d84-f9ab0f4c5e84)
add Policy Establish a configuration control board (7380631c-5bf5-0e3a-4509-0873becd8a63)
add Policy Provide security training before providing access (2b05dca2-25ec-9335-495c-29155f785082)
add Policy Document access privileges (a08b18c7-9e0a-89f1-3696-d80902196719)
add Policy Publish SORNs for systems containing PII (898a5781-2254-5a37-34c7-d78ea7c20d55)
add Policy Develop contingency planning policies and procedures (75b42dcf-7840-1271-260b-852273d7906e)
add Policy Integrate audit review, analysis, and reporting (f741c4e6-41eb-15a4-25a2-61ac7ca232f0)
add Policy Review and update system and communications protection policies and procedures (adf517f3-6dcd-3546-9928-34777d0c277e)
add Policy Generate error messages (c2cb4658-44dc-9d11-3dad-7c6802dd5ba3)
add Policy Separate user and information system management functionality (8a703eb5-4e53-701b-67e4-05ba2f7930c8)
add Policy Document security functional requirements in acquisition contracts (57927290-8000-59bf-3776-90c468ac5b4b)
add Policy Document the legal basis for processing personal information (79c75b38-334b-1a69-65e0-a9d929a42f75)
add Policy Automate account management (2cc9c165-46bd-9762-5739-d2aae5ba90a1)
add Policy Automate approval request for proposed changes (575ed5e8-4c29-99d0-0e4d-689fb1d29827)
add Policy Produce complete records of remote maintenance activities (74041cfe-3f87-1d17-79ec-34ca5f895542)
add Policy Establish a risk management strategy (d36700f2-2f0d-7c2a-059c-bdadd1d79f70)
add Policy Assess risk in third party relationships (0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08)
add Policy Control information flow (59bedbdc-0ba9-39b9-66bb-1d1c192384e6)
add Policy Incorporate simulated events into incident response training (1fdeb7c4-4c93-8271-a135-17ebe85f1cc7)
add Policy Review and update physical and environmental policies and procedures (91cf132e-0c9f-37a8-a523-dc6a92cd2fb2)
add Policy View and investigate restricted users (98145a9b-428a-7e81-9d14-ebb154a24f93)
add Policy Develop audit and accountability policies and procedures (a28323fe-276d-3787-32d2-cef6395764c4)
add Policy Review access control policies and procedures (03d550b4-34ee-03f4-515f-f2e2faf7a413)
add Policy Communicate contingency plan changes (a1334a65-2622-28ee-5067-9d7f5b915cc5)
add Policy Develop an incident response plan (2b4e134f-1e4c-2bff-573e-082d85479b6e)
add Policy Transfer backup information to an alternate storage site (7bdb79ea-16b8-453e-4ca4-ad5b16012414)
add Policy Perform audit for configuration change control (1282809c-9001-176b-4a81-260a085f4872)
add Policy Restrict use of open source software (08c11b48-8745-034d-1c1b-a144feec73b9)
add Policy Enforce security configuration settings (058e9719-1ff9-3653-4230-23f76b6492e0)
add Policy Document protection of personal data in acquisition contracts (f9ec3263-9562-1768-65a1-729793635a8d)
add Policy Provide security awareness training for insider threats (9b8b05ec-3d21-215e-5d98-0f7cf0998202)
add Policy Integrate risk management process into SDLC (00f12b6f-10d7-8117-9577-0f2b76488385)
add Policy Protect administrator and user documentation (09960521-759e-5d12-086f-4192a72a5e92)
add Policy Ensure external providers consistently meet interests of the customers (3eabed6d-1912-2d3c-858b-f438d08d0412)
add Policy Require developer to identify SDLC ports, protocols, and services (f6da5cca-5795-60ff-49e1-4972567815fe)
add Policy Review and update information integrity policies and procedures (6bededc0-2985-54d5-4158-eb8bad8070a0)
add Policy Define the duties of processors (52375c01-4d4c-7acc-3aa4-5b3d53a047ec)
add Policy Develop contingency plan (aa305b4d-8c84-1754-0c74-dec004e66be0)
add Policy Notify personnel upon sanctions (6228396e-2ace-7ca5-3247-45767dbf52f4)
add Policy Verify identity before distributing authenticators (72889284-15d2-90b2-4b39-a1e9541e1152)
add Policy Employ least privilege access (1bc7fd64-291f-028e-4ed6-6e07886e163f)
add Policy Develop an enterprise architecture (57adc919-9dca-817c-8197-64d812070316)
add Policy Establish relationship between incident response capability and external providers (b470a37a-7a47-3792-34dd-7a793140702e)
add Policy Identify and authenticate non-organizational users (e1379836-3492-6395-451d-2f5062e14136)
add Policy Adjust level of audit review, analysis, and reporting (de251b09-4a5e-1204-4bef-62ac58d47999)
add Policy Prevent split tunneling for remote devices (66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8)
add Policy Publish Computer Matching Agreements on public website (cdcb825f-a0fb-31f9-29c1-ab566718499a)
add Policy Authorize, monitor, and control voip (e4e1f896-8a93-1151-43c7-0ad23b081ee2)
add Policy Develop POA&M (477bd136-7dd9-55f8-48ac-bae096b86a07)
add Policy Produce, control and distribute symmetric cryptographic keys (16c54e01-9e65-7524-7c33-beda48a75779)
add Policy Govern the allocation of resources (33d34fac-56a8-1c0f-0636-3ed94892a709)
add Policy Identify status of individual users (ca748dfe-3e28-1d18-4221-89aea30aa0a5)
add Policy Govern and monitor audit processing activities (333b4ada-4a02-0648-3d4d-d812974f1bb2)
add Policy Employ flow control mechanisms of encrypted information (79365f13-8ba4-1f6c-2ac4-aa39929f56d0)
add Policy Perform a trend analysis on threats (50e81644-923d-33fc-6ebb-9733bc8d1a06)
add Policy Establish and document change control processes (bd4dc286-2f30-5b95-777c-681f3a7913d3)
add Policy Protect against and prevent data theft from departing employees (80a97208-264e-79da-0cc7-4fca179a0c9c)
add Policy Document and distribute a privacy policy (ee67c031-57fc-53d0-0cca-96c4c04345e8)
add Policy Generate internal security alerts (171e377b-5224-4a97-1eaa-62a3b5231dac)
add Policy Support personal verification credentials issued by legal authorities (1d39b5d9-0392-8954-8359-575ce1957d1a)
add Policy Establish a data leakage management procedure (3c9aa856-6b86-35dc-83f4-bc72cec74dea)
add Policy Document the protection of cardholder data in third party contracts (77acc53d-0f67-6e06-7d04-5750653d4629)
add Policy Establish a secure software development program (e750ca06-1824-464a-2cf3-d0fa754d1cb4)
add Policy Ensure resources are authorized (0716f0f5-4955-2ccb-8d5e-c6be14d57c0f)
add Policy Run simulation attacks (a8f9c283-9a66-3eb3-9e10-bdba95b85884)
add Policy Document wireless access security controls (8f835d6a-4d13-9a9c-37dc-176cebd37fda)
add Policy Protect incident response plan (2401b496-7f23-79b2-9f80-89bb5abf3d4a)
add Policy Conduct incident response testing (3545c827-26ee-282d-4629-23952a12008b)
add Policy Establish privacy requirements for contractors and service providers (f8d141b7-4e21-62a6-6608-c79336e36bc9)
add Policy Implement formal sanctions process (5decc032-95bd-2163-9549-a41aba83228e)
add Policy Document separation of duties (e6f7b584-877a-0d69-77d4-ab8b923a9650)
add Policy Define organizational requirements for cryptographic key management (d661e9eb-4e15-5ba1-6f02-cdc467db0d6c)
add Policy Establish third-party personnel security requirements (3881168c-5d38-6f04-61cc-b5d87b2c4c58)
add Policy Obtain consent prior to collection or processing of personal data (069101ac-4578-31da-0cd4-ff083edd3eb4)
add Policy Review and reevaluate privileges (585af6e9-90c0-4575-67a7-2f9548972e32)
add Policy Perform all non-local maintenance (5bac5fb7-7735-357b-767d-02264bfe5c3b)
add Policy Reissue authenticators for changed groups and accounts (2f204e72-1896-3bf8-75c9-9128b8683a36)
add Policy Require developers to document approved changes and potential impact (3a868d0c-538f-968b-0191-bddb44da5b75)
add Policy Manage authenticator lifetime and reuse (29363ae1-68cd-01ca-799d-92c9197c8404)
add Policy Perform a risk assessment (8c5d3d8d-5cba-0def-257c-5ab9ea9644dc)
add Policy Remediate information system flaws (be38a620-000b-21cf-3cb3-ea151b704c3b)
add Policy Provide privacy training (518eafdd-08e5-37a9-795b-15a8d798056d)
add Policy Manage gateways (63f63e71-6c3f-9add-4c43-64de23e554a7)
add Policy Review and update the events defined in AU-02 (a930f477-9dcb-2113-8aa7-45bb6fc90861)
add Policy Implement a penetration testing methodology (c2eabc28-1e5c-78a2-a712-7cc176c44c07)
add Policy Define and enforce the limit of concurrent sessions (d8350d4c-9314-400b-288f-20ddfce04fbd)
add Policy Provide timely maintenance support (eb598832-4bcc-658d-4381-3ecbe17b9866)
add Policy Protect passwords with encryption (b2d3e5a2-97ab-5497-565a-71172a729d93)
add Policy Accept only FICAM-approved third-party credentials (2d2ca910-7957-23ee-2945-33f401606efc)
add Policy Manage the transportation of assets (4ac81669-00e2-9790-8648-71bc11bc91eb)
add Policy Establish alternate storage site to store and retrieve backup information (0a412110-3874-9f22-187a-c7a81c8a6704)
add Policy Develop a concept of operations (CONOPS) (e7422f08-65b4-50e4-3779-d793156e0079)
add Policy Employ automatic shutdown/restart when violations are detected (1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4)
add Policy Manage symmetric cryptographic keys (9c276cf3-596f-581a-7fbd-f5e46edaa0f4)
add Policy Review development process, standards and tools (1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6)
add Policy Establish terms and conditions for accessing resources (3c93dba1-84fd-57de-33c7-ef0400a08134)
add Policy Identify external service providers (46ab2c5e-6654-1f58-8c83-e97a44f39308)
add Policy Provide formal notice to individuals (95eb7d09-9937-5df9-11d9-20317e3f60df)
add Policy Establish requirements for internet service providers (5f2e834d-7e40-a4d5-a216-e49b16955ccf)
add Policy Maintain separate execution domains for running processes (bfc540fe-376c-2eef-4355-121312fa4437)
add Policy Implement an automated configuration management tool (33832848-42ab-63f3-1a55-c0ad309d44cd)
add Policy Document security operations (2c6bee3a-2180-2430-440d-db3c7a849870)
add Policy Review and sign revised rules of behavior (6c0a312f-04c5-5c97-36a5-e56763a02b6b)
add Policy Obtain legal opinion for monitoring system activities (d9af7f88-686a-5a8b-704b-eafdab278977)
add Policy Identify incident response personnel (037c0089-6606-2dab-49ad-437005b5035f)
add Policy Develop configuration item identification plan (836f8406-3b8a-11bb-12cb-6c7fa0765668)
add Policy Use system clocks for audit records (1ee4c7eb-480a-0007-77ff-4ba370776266)
add Policy Review exploit protection events (a30bd8e9-7064-312a-0e1f-e1b485d59f6e)
add Policy Authorize access to security functions and information (aeed863a-0f56-429f-945d-8bb66bd06841)
add Policy Define access authorizations to support separation of duties (341bc9f1-7489-07d9-4ec6-971573e1546a)
add Policy Define and document government oversight (cbfa1bd0-714d-8d6f-0480-2ad6a53972df)
add Policy Develop and maintain a vulnerability management standard (055da733-55c6-9e10-8194-c40731057ec4)
add Policy Implement parameters for memorized secret verifiers (3b30aa25-0f19-6c04-5ca4-bd3f880a763d)
add Policy Perform information input validation (8b1f29eb-1b22-4217-5337-9207cb55231e)
add Policy Conduct a security impact analysis (203101f5-99a3-1491-1b56-acccd9b66a9e)
add Policy Implement physical security for offices, working areas, and secure areas (05ec66a2-137c-14b8-8e75-3d7a2bef07f8)
add Policy Establish a password policy (d8bbd80e-3bb1-5983-06c2-428526ec6a63)
add Policy Define acceptable and unacceptable mobile code technologies (1afada58-8b34-7ac2-a38a-983218635201)
add Policy Automate proposed documented changes (5c40f27b-6791-18c5-3f85-7b863bd99c11)
add Policy Define requirements for supplying goods and services (2b2f3a72-9e68-3993-2b69-13dcdecf8958)
add Policy Implement managed interface for each external service (b262e1dd-08e9-41d4-963a-258909ad794b)
add Policy Establish security requirements for the manufacturing of connected devices (afbecd30-37ee-a27b-8e09-6ac49951a0ee)
add Policy Conduct risk assessment and distribute its results (d7c1ecc3-2980-a079-1569-91aec8ac4a77)
add Policy Restrict access to privileged accounts (873895e8-0e3a-6492-42e9-22cd030e9fcd)
add Policy Determine auditable events (2f67e567-03db-9d1f-67dc-b6ffb91312f4)
add Policy Require use of individual authenticators (08ad71d0-52be-6503-4908-e015460a16ae)
add Policy Establish terms and conditions for processing resources (5715bf33-a5bd-1084-4e19-bc3c83ec1c35)
add Policy Obtain functional properties of security controls (44b71aa8-099d-8b97-1557-0e853ec38e0d)
add Policy Employ business case to record the resources required (2d14ff7e-6ff9-838c-0cde-4962ccdb1689)
add Policy Produce Security Assessment report (70a7a065-a060-85f8-7863-eb7850ed2af9)
add Policy Define mobile device requirements (9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4)
add Policy Automate flaw remediation (a90c4d44-7fac-8e02-6d5b-0d92046b20e6)
add Policy Conform to FICAM-issued profiles (a8df9c78-4044-98be-2c05-31a315ac8957)
add Policy Track software license usage (77cc89bb-774f-48d7-8a84-fb8c322c3000)
add Policy Test the business continuity and disaster recovery plan (58a51cde-008b-1a5d-61b5-d95849770677)
add Policy Document third-party personnel security requirements (b320aa42-33b4-53af-87ce-100091d48918)
add Policy Employ independent assessors for continuous monitoring (3baee3fd-30f5-882c-018c-cc78703a0106)
add Policy Review and update the information security architecture (ced291b8-1d3d-7e27-40cf-829e9dd523c8)
add Policy Use automated mechanisms for security alerts (b8689b2e-4308-a58b-a0b4-6f3343a000df)
add Policy Establish configuration management requirements for developers (8747b573-8294-86a0-8914-49e9b06a5ace)
add Policy Require developers to produce evidence of security assessment plan execution (f8a63511-66f1-503f-196d-d6217ee0823a)
add Policy Distribute information system documentation (84a01872-5318-049e-061e-d56734183e84)
add Policy Recover and reconstitute resources after any disruption (f33c3238-11d2-508c-877c-4262ec1132e1)
add Policy Conduct capacity planning (33602e78-35e3-4f06-17fb-13dd887448e4)
add Policy Keep SORNs updated (3bd4e0af-7cbb-a3ec-4918-056a3c017ae2)
add Policy Require developers to describe accurate security functionality (3e37c891-840c-3eb4-78d2-e2e0bb5063e0)
add Policy Determine information protection needs (dbcef108-7a04-38f5-8609-99da110a2a57)
add Policy Implement cryptographic mechanisms (10c3a1b1-29b0-a2d5-8f4c-a284b0f07830)
add Policy Manage maintenance personnel (b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d)
add Policy Implement a threat awareness program (015b4935-448a-8684-27c0-d13086356c33)
add Policy Make SORNs available publicly (f3c17714-8ce7-357f-4af2-a0baa63a063f)
add Policy Protect audit information (0e696f5a-451f-5c15-5532-044136538491)
add Policy Require third-party providers to comply with personnel security policies and procedures (e8c31e15-642d-600f-78ab-bad47a5787e6)
add Policy Obtain Admin documentation (3f1216b0-30ee-1ac9-3899-63eb744e85f5)
add Policy Perform a privacy impact assessment (d18af1ac-0086-4762-6dc8-87cdded90e39)
add Policy Maintain list of authorized remote maintenance personnel (4ce91e4e-6dab-3c46-011a-aa14ae1561bf)
add Policy Protect special information (a315c657-4a00-8eba-15ac-44692ad24423)
add Policy Review file and folder activity (ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba)
add Policy Automate privacy controls (b9d45adb-471b-56a5-64d2-5b241f126174)
add Policy Implement controls to secure alternate work sites (cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e)
add Policy Ensure security safeguards not needed when the individuals return (1fdf0b24-4043-3c55-357e-036985d50b52)
add Policy Update privacy plan, policies, and procedures (96333008-988d-4add-549b-92b3a8c42063)
add Policy Prevent identifier reuse for the defined time period (4781e5fd-76b8-7d34-6df3-a0a7fca47665)
add Policy Automate implementation of approved change notifications (c72fc0c8-2df8-7506-30be-6ba1971747e1)
add Policy Implement Incident handling capability (98e33927-8d7f-6d5f-44f5-2469b40b7215)
add Policy Require developers to manage change integrity (b33d61c1-7463-7025-0ec0-a47585b59147)
add Policy Configure detection whitelist (2927e340-60e4-43ad-6b5f-7a1468232cc2)
add Policy Discover any indicators of compromise (07b42fb5-027e-5a3c-4915-9d9ef3020ec7)
add Policy Review contingency plan (53fc1282-0ee3-2764-1319-e20143bb0ea5)
add Policy Establish information security workforce development and improvement program (b544f797-a73b-1be3-6d01-6b1a085376bc)
add Policy Clear personnel with access to classified information (c42f19c9-5d88-92da-0742-371a0ea03126)
add Policy Perform security function verification at a defined frequency (f30edfad-4e1d-1eef-27ee-9292d6d89842)
add Policy Document the information system environment in acquisition contracts (c148208b-1a6f-a4ac-7abc-23b1d41121b1)
add Policy Update rules of behavior and access agreements (6610f662-37e9-2f71-65be-502bdc2f554d)
add Policy Facilitate information sharing (a44c9fba-43f8-4b7b-7ee6-db52c96b4366)
add Policy Eradicate contaminated information (54a9c072-4a93-2a03-6a43-a060d30383d7)
add Policy Document security and privacy training activities (524e7136-9f6a-75ba-9089-501018151346)
add Policy Turn on sensors for endpoint security solution (5fc24b95-53f7-0ed1-2330-701b539b97fe)
add Policy Notify Account Managers of customer controlled accounts (4b8fd5da-609b-33bf-9724-1c946285a14c)
add Policy Reevaluate access upon personnel transfer (e89436d8-6a93-3b62-4444-1d2a42ad56b2)
add Policy Establish usage restrictions for mobile code technologies (ffdaa742-0d6f-726f-3eac-6e6c34e36c93)
add Policy Review and update system and services acquisition policies and procedures (f49925aa-9b11-76ae-10e2-6e973cc60f37)
add Policy Verify software, firmware and information integrity (db28735f-518f-870e-15b4-49623cbe3aa0)
add Policy Govern compliance of cloud service providers (5c33538e-02f8-0a7f-998b-a4c1e22076d3)
add Policy Determine assertion requirements (7a0ecd94-3699-5273-76a5-edb8499f655a)
add Policy Train staff on PII sharing and its consequences (8019d788-713d-90a1-5570-dac5052f517d)
add Policy Establish an alternate processing site (af5ff768-a34b-720e-1224-e6b3214f3ba6)
add Policy Update antivirus definitions (ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65)
add Policy Document personnel acceptance of privacy requirements (271a3e58-1b38-933d-74c9-a580006b80aa)
add Policy Obtain approvals for acquisitions and outsourcing (92b94485-1c49-3350-9ada-dffe94f08e87)
add Policy Design an access control model (03b6427e-6072-4226-4bd9-a410ab65317e)
add Policy Develop acceptable use policies and procedures (42116f15-5665-a52a-87bb-b40e64c74b6c)
add Policy Provide role-based security training (4c385143-09fd-3a34-790c-a5fd9ec77ddc)
add Policy Determine supplier contract obligations (67ada943-8539-083d-35d0-7af648974125)
add Policy Correlate audit records (10874318-0bf7-a41f-8463-03e395482080)
add Policy Ensure audit records are not altered (27ce30dd-3d56-8b54-6144-e26d9a37a541)
add Policy Protect data in transit using encryption (b11697e8-9515-16f1-7a35-477d5c8a1344)
add Policy Review account provisioning logs (a830fe9e-08c9-a4fb-420c-6f6bf1702395)
add Policy Manage the input, output, processing, and storage of data (e603da3a-8af7-4f8a-94cb-1bcc0e0333d2)
add Policy Require approval for account creation (de770ba6-50dd-a316-2932-e0d972eaa734)
add Policy Ensure authorized users protect provided authenticators (37dbe3dc-0e9c-24fa-36f2-11197cbfa207)
add Policy Control physical access (55a7f9a0-6397-7589-05ef-5ed59a8149e7)
add Policy Document acquisition contract acceptance criteria (0803eaa7-671c-08a7-52fd-ac419f775e75)
add Policy Assess Security Controls (c423e64d-995c-9f67-0403-b540f65ba42a)
add Policy Conduct Risk Assessment (677e1da4-00c3-287a-563d-f4a1cf9b99a0)
add Policy Perform a business impact assessment and application criticality assessment (cb8841d4-9d13-7292-1d06-ba4d68384681)
add Policy Explicitly notify use of collaborative computing devices (62fa14f0-4cbe-762d-5469-0899a99b98aa)
add Policy Perform vulnerability scans (3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f)
add Policy Develop information security policies and procedures (af227964-5b8b-22a2-9364-06d2cb9d6d7c)
add Policy Develop security assessment plan (1c258345-5cd4-30c8-9ef3-5ee4dd5231d6)
add Policy Define information system account types (623b5f0a-8cbd-03a6-4892-201d27302f0c)
add Policy Address coding vulnerabilities (318b2bd9-9c39-9f8b-46a7-048401f33476)
add Policy Review controlled folder access events (f48b60c6-4b37-332f-7288-b6ea50d300eb)
add Policy Provide capability to disconnect or disable remote access (4edaca8c-0912-1ac5-9eaa-6a1057740fae)
add Policy Adopt biometric authentication mechanisms (7d7a8356-5c34-9a95-3118-1424cfaf192a)
add Policy Notify upon termination or transfer (c79d378a-2521-822a-0407-57454f8d2c74)
add Policy Document security strength requirements in acquisition contracts (ebb0ba89-6d8c-84a7-252b-7393881e43de)
add Policy Identify actions allowed without authentication (92a7591f-73b3-1173-a09c-a08882d84c70)
add Policy Manage compliance activities (4e400494-53a5-5147-6f4d-718b539c7394)
add Policy Verify security controls for external information systems (dc7ec756-221c-33c8-0afe-c48e10e42321)
add Policy Perform threat modeling (bf883b14-9c19-0f37-8825-5e39a8b66d5b)
add Policy Implement security engineering principles of information systems (df2e9507-169b-4114-3a52-877561ee3198)
add Policy Review and update system maintenance policies and procedures (2067b904-9552-3259-0cdd-84468e284b7c)
add Policy Retain security policies and procedures (efef28d0-3226-966a-a1e8-70e89c1b30bc)
add Policy Incorporate flaw remediation into configuration management (34aac8b2-488a-2b96-7280-5b9b481a317a)
add Policy Review user privileges (f96d2186-79df-262d-3f76-f371e3b71798)
add Policy Protect wireless access (d42a8f69-a193-6cbc-48b9-04a9e29961f1)
add Policy Document process to ensure integrity of PII (18e7906d-4197-20fa-2f14-aaac21864e71)
add Policy Monitor third-party provider compliance (f8ded0c6-a668-9371-6bb6-661d58787198)
add Policy Authorize remote access to privileged commands (01c387ea-383d-4ca9-295a-977fab516b03)
add Policy Review and update configuration management policies and procedures (eb8a8df9-521f-3ccd-7e2c-3d1fcc812340)
add Policy Enforce mandatory and discretionary access control policies (b1666a13-8f67-9c47-155e-69e027ff6823)
add Policy Distribute policies and procedures (eff6e4a5-3efe-94dd-2ed1-25d56a019a82)
add Policy Restrict access to private keys (8d140e8b-76c7-77de-1d46-ed1b2e112444)
add Policy Establish network segmentation for card holder data environment (f476f3b0-4152-526e-a209-44e5f8c968d7)
add Policy Prohibit remote activation of collaborative computing devices (678ca228-042d-6d8e-a598-c58d5670437d)
add Policy Manage a secure surveillance camera system (f2222056-062d-1060-6dc2-0107a68c34b2)
add Policy Restrict location of information processing, storage and services (0040d2e5-2779-170d-6a2c-1f5fca353335)
add Policy Develop security safeguards (423f6d9c-0c73-9cc6-64f4-b52242490368)
add Policy Route traffic through authenticated proxy network (d91558ce-5a5c-551b-8fbb-83f793255e09)
add Policy Configure Azure Audit capabilities (a3e98638-51d4-4e28-910a-60e98c1a756f)
add Policy Provide secure name and address resolution services (bbb2e6d6-085f-5a35-a55d-e45daad38933)
add Policy Enable network protection (8c255136-994b-9616-79f5-ae87810e0dcf)
add Policy Ensure security categorization is approved (6c79c3e5-5f7b-a48a-5c7b-8c158bc01115)
add Policy Implement an insider threat program (35de8462-03ff-45b3-5746-9d4603c74c56)
add Policy Make accounting of disclosures available upon request (d4f70530-19a2-2a85-6e0c-0c3c465e3325)
add Policy Assign system identifiers (f29b17a4-0df2-8a50-058a-8570f9979d28)
add Policy Enforce rules of behavior and access agreements (509552f5-6528-3540-7959-fbeae4832533)
add Policy Audit user account status (49c23d9b-02b0-0e42-4f94-e8cef1b8381b)
add Policy Disseminate security alerts to personnel (9c93ef57-7000-63fb-9b74-88f2e17ca5d2)
add Policy Produce, control and distribute asymmetric cryptographic keys (de077e7e-0cc8-65a6-6e08-9ab46c827b05)
add Policy Employ a media sanitization mechanism (eaaae23f-92c9-4460-51cf-913feaea4d52)
add Policy Provide monitoring information as needed (7fc1f0da-0050-19bb-3d75-81ae15940df6)
add Policy Obtain design and implementation information for the security controls (22a02c9a-49e4-5dc9-0d14-eb35ad717154)
add Policy Separate duties of individuals (60ee1260-97f0-61bb-8155-5d8b75743655)
add Policy Provide role-based training on suspicious activities (f6794ab8-9a7d-3b24-76ab-265d3646232b)
add Policy Require interconnection security agreements (096a7055-30cb-2db4-3fda-41b20ac72667)
add Policy Implement personnel screening (e0c480bf-0d68-a42d-4cbb-b60f851f8716)
add Policy Provide audit review, analysis, and reporting capability (44f8a42d-739f-8030-89a8-4c2d5b3f6af3)
add Policy Authorize remote access (dad8a2e9-6f27-4fc2-8933-7e99fe700c9c)
add Policy View and configure system diagnostic data (0123edae-3567-a05a-9b05-b53ebe9d3e7e)
add Policy Require developers to build security architecture (f131c8c5-a54a-4888-1efc-158928924bc1)
add Policy Require notification of third-party personnel transfer or termination (afd5d60a-48d2-8073-1ec2-6687e22f2ddd)
add Policy Require external service providers to comply with security requirements (4e45863d-9ea9-32b4-a204-2680bc6007a6)
add Policy Conduct a full text analysis of logged privileged commands (8eea8c14-4d93-63a3-0c82-000343ee5204)
add Policy Implement plans of action and milestones for security program process (d93fe1be-13e4-421d-9c21-3158e2fa2667)
add Policy Configure workstations to check for digital certificates (26daf649-22d1-97e9-2a8a-01b182194d59)
add Policy Develop and establish a system security plan (b2ea1058-8998-3dd1-84f1-82132ad482fd)
add Policy Establish policies for supply chain risk management (9150259b-617b-596d-3bf5-5ca3fce20335)
add Policy Allocate resources in determining information system requirements (90a156a6-49ed-18d1-1052-69aac27c05cd)
add Policy Establish firewall and router configuration standards (398fdbd8-56fd-274d-35c6-fa2d3b2755a1)
add Policy Notify personnel of any failed security verification tests (18e9d748-73d4-0c96-55ab-b108bfbd5bc3)
add Policy Information flow control using security policy filters (13ef3484-3a51-785a-9c96-500f21f84edd)
add Policy Review administrator assignments weekly (f27a298f-9443-014a-0d40-fef12adf0259)
add Policy Review and update media protection policies and procedures (b4e19d22-8c0e-7cad-3219-c84c62dc250f)
add Policy Review and update contingency planning policies and procedures (e9c60c37-65b0-2d72-6c3c-af66036203ae)
add Policy Implement training for protecting authenticators (e4b00788-7e1c-33ec-0418-d048508e095b)
add Policy Document security assurance requirements in acquisition contracts (13efd2d7-3980-a2a4-39d0-527180c009e8)
add Policy Train personnel on disclosure of nonpublic information (97f0d974-1486-01e2-2088-b888f46c0589)
add Policy Provide information spillage training (2d4d0e90-32d9-4deb-2166-a00d51ed57c0)
add Policy Monitor access across the organization (48c816c5-2190-61fc-8806-25d6f3df162f)
add Policy Disable user accounts posing a significant risk (22c16ae4-19d0-29cb-422f-cb44061180ee)
add Policy Accept PIV credentials (55be3260-a7a2-3c06-7fe6-072d07525ab7)
add Policy Develop organization code of conduct policy (d02498e0-8a6f-6b02-8332-19adf6711d1e)
add Policy Create a data inventory (043c1e56-5a16-52f8-6af8-583098ff3e60)
add Policy Control use of portable storage devices (36b74844-4a99-4c80-1800-b18a516d1585)
add Policy Enforce user uniqueness (e336d5f4-4d8f-0059-759c-ae10f63d1747)
add Policy Assign account managers (4c6df5ff-4ef2-4f17-a516-0da9189c603b)
add Policy Provide role-based practical exercises (d041726f-00e0-41ca-368c-b1a122066482)
add Policy Use dedicated machines for administrative tasks (b8972f60-8d77-1cb8-686f-9c9f4cdd8a59)
add Policy Measure the time between flaw identification and flaw remediation (dad1887d-161b-7b61-2e4d-5124a7b5724e)
add Policy Identify and manage downstream information exchanges (c7fddb0e-3f44-8635-2b35-dc6b8e740b7c)
add Policy Establish authenticator types and processes (921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0)
add Policy Identify individuals with security roles and responsibilities (0dcbaf2f-075e-947b-8f4c-74ecc5cd302c)
add Policy Provide updated security awareness training (d136ae80-54dd-321c-98b4-17acf4af2169)
add Policy Integrate cloud app security with a siem (9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9)
add Policy Define cryptographic use (c4ccd607-702b-8ae6-8eeb-fc3339cd4b42)
add Policy Integrate Audit record analysis (85335602-93f5-7730-830b-d43426fd51fa)
add Policy Designate authorized personnel to post publicly accessible information (b4512986-80f5-1656-0c58-08866bd2673a)
add Policy Secure the interface to external systems (ff1efad2-6b09-54cc-01bf-d386c4d558a8)
add Policy Automate information sharing decisions (e54901fe-42c2-7f3b-3c5f-327aa5320a69)
add Policy Establish alternate storage site that facilitates recovery operations (245fe58b-96f8-9f1e-48c5-7f49903f66fd)
add Policy Develop and document a business continuity and disaster recovery plan (bd6cbcba-4a2d-507c-53e3-296b5c238a8e)
add Policy Monitor security and privacy training completion (82bd024a-5c99-05d6-96ff-01f539676a1a)
add Policy Prohibit binary/machine-executable code (8e920169-739d-40b5-3f99-c4d855327bb2)
add Policy Implement a fault tolerant name/address service (ced727b3-005e-3c5b-5cd5-230b79d56ee8)
add Policy Revoke privileged roles as appropriate (32f22cfa-770b-057c-965b-450898425519)
add Policy Maintain incident response plan (37546841-8ea1-5be0-214d-8ac599588332)
add Policy Isolate SecurID systems, Security Incident Management systems (dd6d00a8-701a-5935-a22b-c7b9c0c698b2)
add Policy Notify users of system logon or access (fe2dff43-0a8c-95df-0432-cb1c794b17d0)
add Policy Enable dual or joint authorization (2c843d78-8f64-92b5-6a9b-e8186c0e7eb6)
add Policy Establish an information security program (84245967-7882-54f6-2d34-85059f725b47)
add Policy Establish backup policies and procedures (4f23967c-a74b-9a09-9dc2-f566f61a87b9)
add Policy Employ independent team for penetration testing (611ebc63-8600-50b6-a0e3-fef272457132)
add Policy Create configuration plan protection (874a6f2e-2098-53bc-3a16-20dcdc425a7e)
add Policy Enforce logical access (10c4210b-3ec9-9603-050d-77e4d26c7ebb)
add Policy Manage nonlocal maintenance and diagnostic activities (1fb1cb0e-1936-6f32-42fd-89970b535855)
add Policy Establish conditions for role membership (97cfd944-6f0c-7db2-3796-8e890ef70819)
add Policy Update information security policies (5226dee6-3420-711b-4709-8e675ebd828f)
add Policy Employ FICAM-approved resources to accept third-party credentials (db8b35d6-8adb-3f51-44ff-c648ab5b1530)
add Policy Obscure feedback information during authentication process (1ff03f2a-974b-3272-34f2-f6cd51420b30)
add Policy Automate remote maintenance activities (b8587fce-138f-86e8-33a3-c60768bf1da6)
add Policy Establish and document a configuration management plan (526ed90e-890f-69e7-0386-ba5c0f1f784f)
add Policy Provide capability to process customer-controlled audit records (21633c09-804e-7fcd-78e3-635c6bfe2be7)
add Policy Document mobility training (83dfb2b8-678b-20a0-4c44-5c75ada023e6)
add Policy Review malware detections report weekly (4a6f5cbd-6c6b-006f-2bb1-091af1441bce)
add Policy Implement the risk management strategy (c6fe3856-4635-36b6-983c-070da12a953b)
add Policy Detect network services that have not been authorized or approved (86ecd378-a3a0-5d5b-207c-05e6aaca43fc)
add Policy Create alternative actions for identified anomalies (cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2)
add Policy Designate personnel to supervise unauthorized maintenance activities (7a489c62-242c-5db9-74df-c073056d6fa3)
add Policy Automate process to document implemented changes (43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8)
add Policy Information security and personal data protection (34738025-5925-51f9-1081-f2d0060133ed)
add Policy Separately store backup information (fc26e2fd-3149-74b4-5988-d64bb90f8ef7)
add Policy Employ boundary protection to isolate information systems (311802f9-098d-0659-245a-94c5d47c0182)
add Policy Retain accounting of disclosures of information (75b9db50-7906-2351-98ae-0458218609e5)
add Policy Enable detection of network devices (426c172c-9914-10d1-25dd-669641fc1af4)
add Policy Document requirements for the use of shared data in contracts (0ba211ef-0e85-2a45-17fc-401d1b3f8f85)
add Policy Provide security training for new users (1cb7bf71-841c-4741-438a-67c65fdd7194)
add Policy Authorize and manage access (50e9324a-7410-0539-0662-2c1e775538b7)
add Policy Review changes for any unauthorized changes (c246d146-82b0-301f-32e7-1065dcd248b7)
add Policy Maintain records of processing of personal data (92ede480-154e-0e22-4dca-8b46a74a3a51)
add Policy Protect the information security program plan (2e7a98c9-219f-0d58-38dc-d69038224442)
add Policy Distribute authenticators (098dcde7-016a-06c3-0985-0daaf3301d3a)
add Policy Require users to sign access agreement (3af53f59-979f-24a8-540f-d7cdbc366607)
add Policy Provide periodic security awareness training (516be556-1353-080d-2c2f-f46f000d5785)
add Policy Ensure capital planning and investment requests include necessary resources (464a7d7a-2358-4869-0b49-6d582ca21292)
add Policy Monitor privileged role assignment (ed87d27a-9abf-7c71-714c-61d881889da4)
add Policy Establish benchmarks for flaw remediation (dd2523d5-2db3-642b-a1cf-83ac973b32c2)
add Policy Develop configuration management plan (04837a26-2601-1982-3da7-bf463e6408f4)
add Policy Conduct backup of information system documentation (b269a749-705e-8bff-055a-147744675cdf)
add Policy Identify and authenticate network devices (ae5345d5-8dab-086a-7290-db43a3272198)
add Policy Secure commitment from leadership (70057208-70cc-7b31-3c3a-121af6bc1966)
add Policy Ensure alternate storage site safeguards are equivalent to primary site (178c8b7e-1b6e-4289-44dd-2f1526b678a1)
add Policy Categorize information (93fa357f-2e38-22a9-5138-8cc5124e1923)
add Policy Observe and report security weaknesses (ff136354-1c92-76dc-2dab-80fb7c6a9f1a)
add Policy Review cloud service provider's compliance with policies and agreements (ffea18d9-13de-6505-37f3-4c1f88070ad7)
add Policy Review publicly accessible content for nonpublic information (b5244f81-6cab-3188-2412-179162294996)
add Policy Address information security issues (56fb5173-3865-5a5d-5fad-ae33e53e1577)
add Policy Implement controls to secure all media (e435f7e3-0dd9-58c9-451f-9b44b96c0232)
add Policy Implement security testing, training, and monitoring plans (21832235-7a07-61f4-530d-d596f76e5b95)
add Policy Provide privacy notice to the public and to individuals (5023a9e7-8e64-2db6-31dc-7bce27f796af)
add Policy Document protection of security information in acquisition contracts (d78f95ba-870a-a500-6104-8a5ce2534f19)
add Policy Develop business classification schemes (11ba0508-58a8-44de-5f3a-9e05d80571da)
add Policy Review cloud identity report overview (8aec4343-9153-9641-172c-defb201f56b3)
add Policy Develop and maintain baseline configurations (2f20840e-7925-221c-725d-757442753e7c)
add Policy Define requirements for managing assets (25a1f840-65d0-900a-43e4-bee253de04de)
add Policy Define information security roles and responsibilities (ef5a7059-6651-73b1-18b3-75b1b79c1565)
add Policy Disable authenticators upon termination (d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10)
add Policy Prohibit unfair practices (5fe84a4c-1b0c-a738-2aba-ed49c9069d3b)
add Policy Provide periodic role-based security training (9ac8621d-9acd-55bf-9f99-ee4212cc3d85)
add Policy Refresh authenticators (3ae68d9a-5696-8c32-62d3-c6f9c52e437c)
add Policy Restrict media use (6122970b-8d4a-7811-0278-4c6c68f61e4f)
add Policy Rescreen individuals at a defined frequency (c6aeb800-0b19-944d-92dc-59b893722329)
add Policy Perform disposition review (b5a4be05-3997-1731-3260-98be653610f6)
add Policy Initiate transfer or reassignment actions (b8a9bb2f-7290-3259-85ce-dca7d521302d)
add Policy Require compliance with intellectual property rights (725164e5-3b21-1ec2-7e42-14f077862841)
add Policy Retain previous versions of baseline configs (5e4e9685-3818-5934-0071-2620c4fa2ca5)
add Policy Document and implement wireless access guidelines (04b3e7f6-4841-888d-4799-cda19a0084f6)
add Policy Implement system boundary protection (01ae60e2-38bb-0a32-7b20-d3a091423409)
add Policy Update rules of behavior and access agreements every 3 years (7ad83b58-2042-085d-08f0-13e946f26f89)
add Policy Analyse data obtained from continuous monitoring (6a379d74-903b-244a-4c44-838728bea6b0)
add Policy Obtain user security function documentation (be1c34ab-295a-07a6-785c-36f63c1d223e)
add Policy Implement privileged access for executing vulnerability scanning activities (5b802722-71dd-a13d-2e7e-231e09589efb)
add Policy Implement incident handling (433de59e-7a53-a766-02c2-f80f8421469a)
add Policy Check for privacy and security compliance before establishing internal connections (ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab)
add Policy Reauthenticate or terminate a user session (d6653f89-7cb5-24a4-9d71-51581038231b)
add Policy Plan for resumption of essential business functions (7ded6497-815d-6506-242b-e043e0273928)
add Policy Review and update risk assessment policies and procedures (20012034-96f0-85c2-4a86-1ae1eb457802)
add Policy Manage system and admin accounts (34d38ea7-6754-1838-7031-d7fd07099821)
add Policy Ensure system capable of dynamic isolation of resources (83eea3d3-0d2c-9ccd-1021-2111b29b2a62)
add Policy Review security assessment and authorization policies and procedures (a4493012-908c-5f48-a468-1e243be884ce)
add Policy Maintain data breach records (0fd1ca29-677b-2f12-1879-639716459160)
add Policy Assign an authorizing official (AO) (e29a8f1b-149b-2fa3-969d-ebee1baa9472)
add Policy Conduct exit interview upon termination (496b407d-9b9e-81e8-4ba4-44bc686b016a)
add Policy Document customer-defined actions (8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb)
add Policy Govern policies and procedures (1a2a03a4-9992-5788-5953-d8f6615306de)
add Policy Update the security authorization (449ebb52-945b-36e5-3446-af6f33770f8f)
add Policy Review and update personnel security policies and procedures (e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9)
add Policy Review audit data (6625638f-3ba1-7404-5983-0ea33d719d34)
add Policy Develop access control policies and procedures (59f7feff-02aa-6539-2cf7-bea75b762140)
add Policy Satisfy token quality requirements (056a723b-4946-9d2a-5243-3aa27c4d31a1)
add Policy Automate process to prohibit implementation of unapproved changes (7d10debd-4775-85a7-1a41-7e128e0e8c50)
add Policy Control maintenance and repair activities (b6ad009f-5c24-1dc0-a25e-74b60e4da45f)
add Policy Require developers to implement only approved changes (085467a6-9679-5c65-584a-f55acefd0d43)
add Policy Use privileged identity management (e714b481-8fac-64a2-14a9-6f079b2501a4)
add Policy Verify personal data is deleted at the end of processing (c6b877a6-5d6d-1862-4b7f-3ccc30b25b63)
add Policy Automate process to highlight unreviewed change proposals (92b49e92-570f-1765-804a-378e6c592e28)
add Policy Adhere to retention periods defined (1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1)
add Policy Implement transaction based recovery (ba02d0a0-566a-25dc-73f1-101c726a19c5)
add Policy Confirm quality and integrity of PII (8bb40df9-23e4-4175-5db3-8dba86349b73)
add Policy Install an alarm system (aa0ddd99-43eb-302d-3f8f-42b499182960)
add Policy Incorporate simulated contingency training (9c954fcf-6dd8-81f1-41b5-832ae5c62caf)
add Policy Require developers to provide unified security protection approach (7a114735-a420-057d-a651-9a73cd0416ef)
add Policy Implement privacy notice delivery methods (06f84330-4c27-21f7-72cd-7488afd50244)
add Policy Authorize, monitor, and control usage of mobile code technologies (291f20d4-8d93-1d73-89f3-6ce28b825563)
add Policy Review content prior to posting publicly accessible information (9e3c505e-7aeb-2096-3417-b132242731fc)
Version change: '13.0.0' to '14.0.0'
2022-09-21 16:34:39 Description change: 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-init.' to 'Health Information Trust Alliance (HITRUST) helps organizations from all sectors-but especially healthcare-effectively manage data, information risk, and compliance. HITRUST certification means that the organization has undergone a thorough assessment of the information security program. These policies address a subset of HITRUST controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/hipaa-hitrust-9-2'
2022-07-07 16:32:14 Version change: '12.0.0' to '13.0.0'
remove Policy [Deprecated]: Latest TLS version should be used in your API App (8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e)
remove Policy [Deprecated]: Remote debugging should be turned off for API Apps (e9c8d085-d9cc-4b17-9cdc-059f1f01f19e)
remove Policy [Deprecated]: CORS should not allow every resource to access your API App (358c20a6-3f9e-4f0e-97ff-c6ce485e2aac)
2022-06-10 16:31:22 Version change: '10.1.1' to '12.0.0'
remove Policy [Deprecated]: API App should only be accessible over HTTPS (b7ddfbdc-1260-477d-91fd-98bd9be789a6)
2022-04-07 17:18:35 Version change: '10.1.0' to '10.1.1'
2022-04-01 20:29:13 Description change: 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.' to 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-init.'
2022-01-27 17:51:51 remove Policy [Deprecated]: Custom subscription owner roles should not exist (10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9)
2022-01-26 17:48:30 Description change: 'This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.' to 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.'
2022-01-13 19:18:29 add Policy App Service apps should have resource logs enabled (91a78b24-f231-4a8a-8da9-02c35b2b6510)
remove Policy [Deprecated]: Unattached disks should be encrypted (2c89a2e5-7285-40fe-afe0-ae8654b92fb2)
remove Policy [Deprecated]: Diagnostic logs in App Services should be enabled (b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0)
2021-12-08 16:24:23 add Policy SQL servers should use customer-managed keys to encrypt data at rest (0a370ff3-6cab-4e85-8995-295fd854c5b8)
add Policy SQL managed instances should use customer-managed keys to encrypt data at rest (ac01ad65-10e5-46df-bdd9-6b0cad13e1d2)
remove Policy [Deprecated]: SQL managed instances should use customer-managed keys to encrypt data at rest (048248b0-55cd-46da-b1ff-39efd52db260)
remove Policy [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest (0d134df8-db83-46fb-ad72-fe0c9428c8dd)
2021-06-22 14:29:04 remove Policy [Deprecated]: Service Bus should use a virtual network service endpoint (235359c5-7c52-4b82-9055-01c75cf9f60e)
2021-02-17 14:28:42 add Policy Azure Key Vault Managed HSM should have purge protection enabled (c39ba22d-4428-4149-b981-70acb31fc383)
add Policy Resource logs in Azure Key Vault Managed HSM should be enabled (a2a5b911-5617-447e-a49e-59dbe0e0434b)
2021-01-22 09:14:56 remove Policy [Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution (760a85ff-6162-42b3-8d70-698e268f648c)
2020-09-09 11:24:08 add Policy Audit Windows machines that have the specified members in the Administrators group (69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)
add Policy Audit Windows machines missing any of specified members in the Administrators group (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
add Policy Audit Windows machines that don't have the specified applications installed (ebb67efd-3c46-49b0-adfe-5599eb944998)
add Policy Audit Windows machines on which the Log Analytics agent is not connected as expected (6265018c-d7e2-432f-a75d-094d5f6f4465)
add Policy Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs (331e8ea8-378a-410f-a2e5-ae22f38bb0da)
add Policy Audit Windows machines that do not have the password complexity setting enabled (bf16e0bb-31e1-4646-8202-60a235cc7e74)
add Policy Audit Windows machines that do not contain the specified certificates in Trusted Root (934345e1-4dfb-4c70-90d7-41990dc9608b)
add Policy Audit Linux machines that do not have the passwd file permissions set to 0644 (e6955644-301c-44b5-a4c4-528577de6861)
add Policy Audit Windows machines that have extra accounts in the Administrators group (3d2a3320-2a72-4c67-ac5f-caa40fbee2b2)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 (f19aa1c1-6b91-4c27-ae6a-970279f03db9)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain all of the specified members (f3b44e5d-1456-475f-9c67-c66c4618e85a)
remove Policy [Deprecated]: Show audit results from Linux VMs that do not have the passwd file permissions set to 0644 (b18175dd-c599-4c64-83ba-bb018a06d35b)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members (b821191b-3a12-44bc-9c38-212138a29ff3)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members (144f1397-32f9-4598-8c88-118decc3ccba)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain only specified members (cc7cda28-f867-4311-8497-a526129a8d19)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root (106ccbe4-a791-4f33-a44a-06796944b8d5)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members (bde62c94-ccca-4821-a815-92c1d31a76de)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled (7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected (68511db2-bd02-41c4-ae6b-1900a012968a)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed (12f7e5d0-42a7-4630-80d8-54fb7cff9bd6)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have the password complexity setting enabled (f48b2913-1dc5-4834-8c72-ccc1dfd819bb)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not contain the specified certificates in Trusted Root (f3b9ad83-000d-4dc1-bff0-6d54533dd03f)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have the specified applications installed (5e393799-e3ca-4e43-a9a5-0ec4648a57d9)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members (93507a81-10a4-4af0-9ee2-34cf25a96e98)
remove Policy [Deprecated]: Show audit results from Windows VMs on which the Log Analytics agent is not connected as expected (a030a57e-4639-4e8f-ade9-a92f33afe7ee)
2020-08-21 13:50:30 add Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e)
add Policy Windows machines should meet requirements for 'Security Options - User Account Control' (492a29ed-d143-4f03-b6a4-705ce081b463)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6)
add Policy Windows machines should meet requirements for 'Windows Firewall Properties' (35d9882c-993d-44e6-87d2-db66ce21b636)
add Policy Windows machines should meet requirements for 'Security Options - Microsoft Network Server' (caf2d518-f029-4f6b-833b-d7081702f253)
add Policy Windows machines should meet requirements for 'Security Options - Accounts' (ee984370-154a-4ee8-9726-19d900e56fc0)
add Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6)
add Policy Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' (58383b73-94a9-4414-b382-4146eb02611b)
add Policy Windows machines should meet requirements for 'Security Options - Recovery console' (f71be03e-e25b-4d0f-b8bc-9b3e309b66c0)
add Policy Windows machines should meet requirements for 'System Audit Policies - Account Management' (94d9aca8-3757-46df-aa51-f218c5f11954)
add Policy Windows machines should meet requirements for 'User Rights Assignment' (e068b215-0026-4354-b347-8fb2766f73a2)
add Policy Windows machines should meet requirements for 'Administrative Templates - Network' (67e010c1-640d-438e-a3a5-feaccb533a98)
add Policy Windows machines should meet requirements for 'Security Options - Network Access' (3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd)
add Policy Windows machines should meet requirements for 'Security Options - Audit' (33936777-f2ac-45aa-82ec-07958ec9ade4)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Windows Firewall Properties' (8bbd627e-4d25-4906-9a6e-3789780af3ec)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management' (0a9991e6-21be-49f9-8916-a06d934bcf29)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control' (29829ec2-489d-4925-81b7-bda06b1718e0)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Server' (6fe4ef56-7576-4dc4-8e9c-26bad4b087ce)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - Network' (7229bd6a-693d-478a-87f0-1dc1af06f3b8)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' (ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts' (b872a447-cc6f-43b9-bccf-45703cd81607)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking' (42a07bbf-ffcf-459a-b4b1-30ecd118a505)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' (f56a3ab2-89d1-44de-ac0d-2ada5962e22a)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Audit' (21e2995e-683e-497a-9e81-2f42ad07050a)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Network Access' (30040dab-4e75-4456-8273-14b8f75d91d9)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' (815dcc9f-6662-43f2-9a03-1b83e9876f24)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Audit' (498b810c-59cd-4222-9338-352ba146ccf3)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' (86880e5c-df35-43c5-95ad-7e120635775e)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' (909c958d-1b99-4c74-b88f-46a5c5bc34f9)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Recovery console' (ba12366f-f9a6-42b8-9d98-157d0b1a837b)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Account Management' (225e937e-d32e-4713-ab74-13ce95b3519a)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Detailed Tracking' (a9a33475-481d-4b81-9116-0bf02ffe67e8)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' (985285b7-b97a-419c-8d48-c88cc934c8d8)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment' (c961dac9-5916-42e8-8fb1-703148323994)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control' (e425e402-a050-45e5-b010-bd3f934589fc)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' (e5b81f87-9185-4224-bf00-9f505e9f89f3)
2020-06-23 16:03:23 add Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control' (e425e402-a050-45e5-b010-bd3f934589fc)
add Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members (144f1397-32f9-4598-8c88-118decc3ccba)
add Policy Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' (1a4e592a-6a6e-44a5-9814-e36264ca96e7)
add Policy [Preview]: Network traffic data collection agent should be installed on Windows virtual machines (2f2ee1de-44aa-4762-b6bd-0893fc3f306d)
add Policy App Service apps should use the latest TLS version (f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b)
add Policy MFA should be enabled on accounts with read permissions on your subscription (e3576e28-8b17-4677-84c3-db2990658d64)
add Policy Azure Monitor should collect activity logs from all regions (41388f1c-2db0-4c25-95b2-35d7f5ccbfa9)
add Policy Geo-redundant backup should be enabled for Azure Database for MariaDB (0ec47710-77ff-4a3d-9181-6aa50af424d0)
add Policy App Service apps should not have CORS configured to allow every resource to access your apps (5744710e-cc2f-4ee8-8809-3b11e89f4bc9)
add Policy Enforce SSL connection should be enabled for PostgreSQL database servers (d158790f-bfb0-486c-8631-2dc6b4e8e6af)
add Policy Key Vault should use a virtual network service endpoint (ea4d6841-2173-4317-9747-ff522a45120f)
add Policy Resource logs in IoT Hub should be enabled (383856f8-de7f-44a2-81fc-e5135b5c2aa4)
add Policy Only secure connections to your Azure Cache for Redis should be enabled (22bee202-a82f-4305-9a2a-6d7f44d4dedb)
add Policy The Log Analytics extension should be installed on Virtual Machine Scale Sets (efbde977-ba53-4479-b8e9-10b957924fbf)
add Policy Endpoint protection solution should be installed on virtual machine scale sets (26a828e1-e88f-464e-bbb3-c134a282b9de)
add Policy A maximum of 3 owners should be designated for your subscription (4f11b553-d42e-4e3a-89be-32ca364cad4c)
add Policy Enforce SSL connection should be enabled for MySQL database servers (e802a67a-daf5-4436-9ea6-f6d821dd0c5d)
add Policy Resource logs in Data Lake Analytics should be enabled (c95c74d9-38fe-4f0d-af86-0c7d626a315c)
add Policy A vulnerability assessment solution should be enabled on your virtual machines (501541f7-f7e7-4cd6-868c-4190fdad3ac9)
add Policy [Deprecated]: Unattached disks should be encrypted (2c89a2e5-7285-40fe-afe0-ae8654b92fb2)
add Policy Vulnerabilities in container security configurations should be remediated (e8cbc669-f12d-49eb-93e7-9273119e9933)
add Policy Cosmos DB should use a virtual network service endpoint (e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9)
add Policy Vulnerabilities in security configuration on your machines should be remediated (e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15)
add Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members (b821191b-3a12-44bc-9c38-212138a29ff3)
add Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain all of the specified members (f3b44e5d-1456-475f-9c67-c66c4618e85a)
add Policy Key vaults should have purge protection enabled (0b60c0b2-2dc2-4e1c-b5c9-abbed971de53)
add Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain only specified members (cc7cda28-f867-4311-8497-a526129a8d19)
add Policy [Deprecated]: Show audit results from Windows VMs on which the Log Analytics agent is not connected as expected (a030a57e-4639-4e8f-ade9-a92f33afe7ee)
add Policy Event Hub should use a virtual network service endpoint (d63edb4a-c612-454d-b47d-191a724fcbf0)
add Policy Deprecated accounts with owner permissions should be removed from your subscription (ebb62a0c-3560-49e1-89ed-27e074e9f8ad)
add Policy Audit diagnostic setting (7f89b1eb-583c-429a-8828-af049802c1d9)
add Policy Function apps should only be accessible over HTTPS (6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab)
add Policy External accounts with owner permissions should be removed from your subscription (f8456c1c-aa66-4dfb-861a-25d127b775c9)
add Policy [Deprecated]: Diagnostic logs in App Services should be enabled (b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0)
add Policy SQL databases should have vulnerability findings resolved (feedbf84-6b99-488c-acc2-71c829aa5ffc)
add Policy Resource logs in Azure Data Lake Store should be enabled (057ef27e-665e-4328-8ea3-04b3122bd9fb)
add Policy App Service apps should use a virtual network service endpoint (2d21331d-a4c2-4def-a9ad-ee4e1e023beb)
add Policy Geo-redundant backup should be enabled for Azure Database for MySQL (82339799-d096-41ae-8538-b108becf0970)
add Policy Secure transfer to storage accounts should be enabled (404c3081-a854-4457-ae30-26a93ef643f9)
add Policy Resource logs in Key Vault should be enabled (cf820ca0-f99e-4f3e-84fb-66e913812d21)
add Policy SQL Server should use a virtual network service endpoint (ae5d2f14-d830-42b6-9899-df6cfe9c71a3)
add Policy [Deprecated]: Service Bus should use a virtual network service endpoint (235359c5-7c52-4b82-9055-01c75cf9f60e)
add Policy [Deprecated]: CORS should not allow every resource to access your API App (358c20a6-3f9e-4f0e-97ff-c6ce485e2aac)
add Policy Function apps should have remote debugging turned off (0e60b895-3786-45da-8377-9c6b4b6ac5f9)
add Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members (bde62c94-ccca-4821-a815-92c1d31a76de)
add Policy [Preview]: Network traffic data collection agent should be installed on Linux virtual machines (04c4380f-3fae-46e8-96c9-30193528f602)
add Policy App Service apps should only be accessible over HTTPS (a4af4a39-4135-47fb-b175-47fbdf85311d)
add Policy [Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment' (c961dac9-5916-42e8-8fb1-703148323994)
add Policy An activity log alert should exist for specific Administrative operations (b954148f-4c11-4c38-8221-be76711e194a)
add Policy Function apps should use the latest TLS version (f9d614c5-c173-4d56-95a7-b4437057d193)
add Policy Virtual machines should have the Log Analytics extension installed (a70ca396-0a34-413a-88e1-b956c1e683be)
add Policy Geo-redundant backup should be enabled for Azure Database for PostgreSQL (48af4db5-9b8b-401c-8e74-076be876a430)
add Policy Adaptive network hardening recommendations should be applied on internet facing virtual machines (08e6af2d-db70-460a-bfe9-d5bd474ba9d6)
add Policy Gateway subnets should not be configured with a network security group (35f9c03a-cc27-418e-9c0c-539ff999d010)
add Policy [Deprecated]: Latest TLS version should be used in your API App (8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e)
add Policy Auto provisioning of the Log Analytics agent should be enabled on your subscription (475aae12-b88a-4572-8b36-9b712b2b3a17)
add Policy [Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected (68511db2-bd02-41c4-ae6b-1900a012968a)
add Policy Resource logs in Logic Apps should be enabled (34f95f76-5386-4de7-b824-0d8478470c9d)
add Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members (93507a81-10a4-4af0-9ee2-34cf25a96e98)
add Policy Network Watcher should be enabled (b6e2945c-0b7b-40f5-9233-7a5323b5cdc6)
add Policy Subnets should be associated with a Network Security Group (e71308d3-144b-4262-b144-efdc3cc90517)
add Policy Vulnerability assessment should be enabled on your SQL servers (ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9)
add Policy Monitor missing Endpoint Protection in Azure Security Center (af6cd1bd-1635-48cb-bde7-5b15693900b9)
add Policy [Preview]: Container Registry should use a virtual network service endpoint (c4857be7-912a-4c75-87e6-e30292bcdf78)
add Policy There should be more than one owner assigned to your subscription (09024ccc-0c5f-475e-9457-b7c0d9ed487b)
add Policy Function apps should not have CORS configured to allow every resource to access your apps (0820b7b9-23aa-4725-a1ce-ae4558f718e5)
add Policy [Deprecated]: Custom subscription owner roles should not exist (10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9)
add Policy Virtual machines should be connected to an approved virtual network (d416745a-506c-48b6-8ab1-83cb814bcaa3)
add Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' (815dcc9f-6662-43f2-9a03-1b83e9876f24)
add Policy Azure Backup should be enabled for Virtual Machines (013e242c-8828-4970-87b3-ab247555486d)
add Policy Resource logs in Service Bus should be enabled (f8d36e2f-389b-4ee4-898d-21aeb69a0f45)
add Policy Audit usage of custom RBAC rules (a451c1ef-c6ca-483d-87ed-f49761e3ffb5)
add Policy Storage Accounts should use a virtual network service endpoint (60d21c4f-21a3-4d94-85f4-b924e6aeeda4)
add Policy Internet-facing virtual machines should be protected with network security groups (f6de0be7-9a8a-4b8a-b349-43cf02d22f7c)
add Policy App Service apps should have 'Client Certificates (Incoming client certificates)' enabled (5bb220d9-2698-4ee4-8404-b9c30c9df609)
add Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control' (29829ec2-489d-4925-81b7-bda06b1718e0)
add Policy Resource logs in Azure Stream Analytics should be enabled (f9be5368-9bf5-4b84-9e0a-7850da98bb46)
add Policy Microsoft Antimalware for Azure should be configured to automatically update protection signatures (c43e4a30-77cb-48ab-a4dd-93f175c63b57)
add Policy Long-term geo-redundant backup should be enabled for Azure SQL Databases (d38fc420-0735-4ef3-ac11-c806f651a570)
2020-06-22 16:06:26 Description change: 'This initiative includes audit and VM extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.'
2020-06-16 14:55:25 Description change: 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. https://aka.ms/hipaa-blueprint' to 'This initiative includes audit and VM extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.'
Name change: 'Audit HITRUST/HIPAA controls and deploy specific VM Extensions to support audit requirements' to 'HITRUST/HIPAA'
Policy count Total Policies: 611
Builtin Policies: 611
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
[Preview]: Container Registry should use a virtual network service endpoint c4857be7-912a-4c75-87e6-e30292bcdf78 Network Default
Audit
Allowed
Audit, Disabled
0 Preview
[Preview]: Network traffic data collection agent should be installed on Linux virtual machines 04c4380f-3fae-46e8-96c9-30193528f602 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
[Preview]: Network traffic data collection agent should be installed on Windows virtual machines 2f2ee1de-44aa-4762-b6bd-0893fc3f306d Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Accept assessment results 3054c74b-9b45-2581-56cf-053a1a716c39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Accept only FICAM-approved third-party credentials 2d2ca910-7957-23ee-2945-33f401606efc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Accept PIV credentials 55be3260-a7a2-3c06-7fe6-072d07525ab7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Adaptive application controls for defining safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Adaptive network hardening recommendations should be applied on internet facing virtual machines 08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed
modify
1 Contributor GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed
modify
1 Contributor GA
Address coding vulnerabilities 318b2bd9-9c39-9f8b-46a7-048401f33476 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Address information security issues 56fb5173-3865-5a5d-5fad-ae33e53e1577 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Adhere to retention periods defined 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Adjust level of audit review, analysis, and reporting de251b09-4a5e-1204-4bef-62ac58d47999 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Adopt biometric authentication mechanisms 7d7a8356-5c34-9a95-3118-1424cfaf192a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Alert personnel of information spillage 9622aaa9-5c49-40e2-5bf8-660b7cd23deb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Align business objectives and IT goals ab02bb73-4ce1-89dd-3905-d93042809ba0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Allocate resources in determining information system requirements 90a156a6-49ed-18d1-1052-69aac27c05cd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
An activity log alert should exist for specific Administrative operations b954148f-4c11-4c38-8221-be76711e194a Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Analyse data obtained from continuous monitoring 6a379d74-903b-244a-4c44-838728bea6b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
App Service apps should have 'Client Certificates (Incoming client certificates)' enabled 5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service Default
Audit
Allowed
Audit, Disabled
0 GA
App Service apps should have remote debugging turned off cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should have resource logs enabled 91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should not have CORS configured to allow every resource to access your apps 5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service Default
Audit
Allowed
Audit, Disabled, Deny
0 GA
App Service apps should use a virtual network service endpoint 2d21331d-a4c2-4def-a9ad-ee4e1e023beb Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should use the latest TLS version f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Appoint a senior information security officer c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assess information security events 37b0045b-3887-367b-8b4d-b9a6fa911bb9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assess risk in third party relationships 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assess Security Controls c423e64d-995c-9f67-0403-b540f65ba42a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign account managers 4c6df5ff-4ef2-4f17-a516-0da9189c603b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign an authorizing official (AO) e29a8f1b-149b-2fa3-969d-ebee1baa9472 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign risk designations b7897ddc-9716-2460-96f7-7757ad038cc4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign system identifiers f29b17a4-0df2-8a50-058a-8570f9979d28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit diagnostic setting 7f89b1eb-583c-429a-8828-af049802c1d9 Monitoring Fixed
AuditIfNotExists
0 GA
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit privileged functions f26af0b1-65b6-689a-a03f-352ad2d00f98 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit usage of custom RBAC rules a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General Default
Audit
Allowed
Audit, Disabled
0 GA
Audit user account status 49c23d9b-02b0-0e42-4f94-e8cef1b8381b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit virtual machines without disaster recovery configured 0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Compute Fixed
auditIfNotExists
0 GA
Audit Windows machines missing any of specified members in the Administrators group 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Guest Configuration Fixed
auditIfNotExists
0 GA
Audit Windows machines on which the Log Analytics agent is not connected as expected 6265018c-d7e2-432f-a75d-094d5f6f4465 Guest Configuration Fixed
auditIfNotExists
0 GA
Audit Windows machines that do not contain the specified certificates in Trusted Root 934345e1-4dfb-4c70-90d7-41990dc9608b Guest Configuration Fixed
auditIfNotExists
0 GA
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that don't have the specified applications installed ebb67efd-3c46-49b0-adfe-5599eb944998 Guest Configuration Fixed
auditIfNotExists
0 GA
Audit Windows machines that have extra accounts in the Administrators group 3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Guest Configuration Fixed
auditIfNotExists
0 GA
Audit Windows machines that have the specified members in the Administrators group 69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Guest Configuration Fixed
auditIfNotExists
0 GA
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Authenticate to cryptographic module 6f1de470-79f3-1572-866e-db0771352fc8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize access to security functions and information aeed863a-0f56-429f-945d-8bb66bd06841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize and manage access 50e9324a-7410-0539-0662-2c1e775538b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize remote access dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize remote access to privileged commands 01c387ea-383d-4ca9-295a-977fab516b03 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize, monitor, and control usage of mobile code technologies 291f20d4-8d93-1d73-89f3-6ce28b825563 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize, monitor, and control voip e4e1f896-8a93-1151-43c7-0ad23b081ee2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Auto provisioning of the Log Analytics agent should be enabled on your subscription 475aae12-b88a-4572-8b36-9b712b2b3a17 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Automate account management 2cc9c165-46bd-9762-5739-d2aae5ba90a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate approval request for proposed changes 575ed5e8-4c29-99d0-0e4d-689fb1d29827 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate flaw remediation a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate implementation of approved change notifications c72fc0c8-2df8-7506-30be-6ba1971747e1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate information sharing decisions e54901fe-42c2-7f3b-3c5f-327aa5320a69 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate privacy controls b9d45adb-471b-56a5-64d2-5b241f126174 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to document implemented changes 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to highlight unreviewed change proposals 92b49e92-570f-1765-804a-378e6c592e28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to prohibit implementation of unapproved changes 7d10debd-4775-85a7-1a41-7e128e0e8c50 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate proposed documented changes 5c40f27b-6791-18c5-3f85-7b863bd99c11 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate remote maintenance activities b8587fce-138f-86e8-33a3-c60768bf1da6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d Backup Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Key Vault Managed HSM should have purge protection enabled c39ba22d-4428-4149-b981-70acb31fc383 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' 1a4e592a-6a6e-44a5-9814-e36264ca96e7 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Monitor should collect activity logs from all regions 41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Block untrusted and unsigned processes that run from USB 3d399cf3-8fc6-0efc-6ab0-1412f1198517 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Categorize information 93fa357f-2e38-22a9-5138-8cc5124e1923 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Check for privacy and security compliance before establishing internal connections ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Clear personnel with access to classified information c42f19c9-5d88-92da-0742-371a0ea03126 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Communicate contingency plan changes a1334a65-2622-28ee-5067-9d7f5b915cc5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct a full text analysis of logged privileged commands 8eea8c14-4d93-63a3-0c82-000343ee5204 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct a security impact analysis 203101f5-99a3-1491-1b56-acccd9b66a9e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct backup of information system documentation b269a749-705e-8bff-055a-147744675cdf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct capacity planning 33602e78-35e3-4f06-17fb-13dd887448e4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct exit interview upon termination 496b407d-9b9e-81e8-4ba4-44bc686b016a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct incident response testing 3545c827-26ee-282d-4629-23952a12008b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct Risk Assessment 677e1da4-00c3-287a-563d-f4a1cf9b99a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct risk assessment and distribute its results d7c1ecc3-2980-a079-1569-91aec8ac4a77 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct risk assessment and document its results 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure actions for noncompliant devices b53aa659-513e-032c-52e6-1ce0ba46582f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure Azure Audit capabilities a3e98638-51d4-4e28-910a-60e98c1a756f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure detection whitelist 2927e340-60e4-43ad-6b5f-7a1468232cc2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure workstations to check for digital certificates 26daf649-22d1-97e9-2a8a-01b182194d59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Confirm quality and integrity of PII 8bb40df9-23e4-4175-5db3-8dba86349b73 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conform to FICAM-issued profiles a8df9c78-4044-98be-2c05-31a315ac8957 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control information flow 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control maintenance and repair activities b6ad009f-5c24-1dc0-a25e-74b60e4da45f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control physical access 55a7f9a0-6397-7589-05ef-5ed59a8149e7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control use of portable storage devices 36b74844-4a99-4c80-1800-b18a516d1585 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Coordinate contingency plans with related plans c5784049-959f-6067-420c-f4cefae93076 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Coordinate with external organizations to achieve cross org perspective d4e6a629-28eb-79a9-000b-88030e4823ca Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Correlate audit records 10874318-0bf7-a41f-8463-03e395482080 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Cosmos DB should use a virtual network service endpoint e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Network Default
Audit
Allowed
Audit, Disabled
0 GA
Create a data inventory 043c1e56-5a16-52f8-6af8-583098ff3e60 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create alternative actions for identified anomalies cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create configuration plan protection 874a6f2e-2098-53bc-3a16-20dcdc425a7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create separate alternate and primary storage sites 81b6267b-97a7-9aa5-51ee-d2584a160424 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define a physical key management process 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define acceptable and unacceptable mobile code technologies 1afada58-8b34-7ac2-a38a-983218635201 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define access authorizations to support separation of duties 341bc9f1-7489-07d9-4ec6-971573e1546a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define and document government oversight cbfa1bd0-714d-8d6f-0480-2ad6a53972df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define and enforce conditions for shared and group accounts f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define and enforce the limit of concurrent sessions d8350d4c-9314-400b-288f-20ddfce04fbd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define cryptographic use c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define information security roles and responsibilities ef5a7059-6651-73b1-18b3-75b1b79c1565 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define information system account types 623b5f0a-8cbd-03a6-4892-201d27302f0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define mobile device requirements 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define organizational requirements for cryptographic key management d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define requirements for managing assets 25a1f840-65d0-900a-43e4-bee253de04de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define requirements for supplying goods and services 2b2f3a72-9e68-3993-2b69-13dcdecf8958 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define the duties of processors 52375c01-4d4c-7acc-3aa4-5b3d53a047ec Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Deliver security assessment results 8e49107c-3338-40d1-02aa-d524178a2afe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Deploy default Microsoft IaaSAntimalware extension for Windows Server 2835b622-407b-4114-9198-6f7064cbe0dc Compute Fixed
deployIfNotExists
1 Virtual Machine Contributor GA
Deploy Diagnostic Settings for Network Security Groups c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Monitoring Fixed
deployIfNotExists
2 Monitoring Contributor, Storage Account Contributor GA
Deploy network watcher when virtual networks are created a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Network Fixed
DeployIfNotExists
1 Network Contributor GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed
deployIfNotExists
1 Contributor GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed
deployIfNotExists
1 Contributor GA
Deprecated accounts with owner permissions should be removed from your subscription ebb62a0c-3560-49e1-89ed-27e074e9f8ad Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Design an access control model 03b6427e-6072-4226-4bd9-a410ab65317e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Designate authorized personnel to post publicly accessible information b4512986-80f5-1656-0c58-08866bd2673a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Designate personnel to supervise unauthorized maintenance activities 7a489c62-242c-5db9-74df-c073056d6fa3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Detect network services that have not been authorized or approved 86ecd378-a3a0-5d5b-207c-05e6aaca43fc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine assertion requirements 7a0ecd94-3699-5273-76a5-edb8499f655a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine auditable events 2f67e567-03db-9d1f-67dc-b6ffb91312f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine information protection needs dbcef108-7a04-38f5-8609-99da110a2a57 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine supplier contract obligations 67ada943-8539-083d-35d0-7af648974125 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop a concept of operations (CONOPS) e7422f08-65b4-50e4-3779-d793156e0079 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop acceptable use policies and procedures 42116f15-5665-a52a-87bb-b40e64c74b6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop access control policies and procedures 59f7feff-02aa-6539-2cf7-bea75b762140 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop an enterprise architecture 57adc919-9dca-817c-8197-64d812070316 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop an incident response plan 2b4e134f-1e4c-2bff-573e-082d85479b6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and document a business continuity and disaster recovery plan bd6cbcba-4a2d-507c-53e3-296b5c238a8e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and document application security requirements 6de65dc4-8b4f-34b7-9290-eb137a2e2929 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and establish a system security plan b2ea1058-8998-3dd1-84f1-82132ad482fd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and maintain a vulnerability management standard 055da733-55c6-9e10-8194-c40731057ec4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and maintain baseline configurations 2f20840e-7925-221c-725d-757442753e7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop audit and accountability policies and procedures a28323fe-276d-3787-32d2-cef6395764c4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop business classification schemes 11ba0508-58a8-44de-5f3a-9e05d80571da Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop configuration item identification plan 836f8406-3b8a-11bb-12cb-6c7fa0765668 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop configuration management plan 04837a26-2601-1982-3da7-bf463e6408f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop contingency plan aa305b4d-8c84-1754-0c74-dec004e66be0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop contingency planning policies and procedures 75b42dcf-7840-1271-260b-852273d7906e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop information security policies and procedures af227964-5b8b-22a2-9364-06d2cb9d6d7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop organization code of conduct policy d02498e0-8a6f-6b02-8332-19adf6711d1e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop POA&M 477bd136-7dd9-55f8-48ac-bae096b86a07 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop security assessment plan 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop security safeguards 423f6d9c-0c73-9cc6-64f4-b52242490368 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop SSP that meets criteria 6b957f60-54cd-5752-44d5-ff5a64366c93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Disable authenticators upon termination d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Disable user accounts posing a significant risk 22c16ae4-19d0-29cb-422f-cb44061180ee Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Discover any indicators of compromise 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Disseminate security alerts to personnel 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Distribute authenticators 098dcde7-016a-06c3-0985-0daaf3301d3a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Distribute information system documentation 84a01872-5318-049e-061e-d56734183e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Distribute policies and procedures eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document access privileges a08b18c7-9e0a-89f1-3696-d80902196719 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document acquisition contract acceptance criteria 0803eaa7-671c-08a7-52fd-ac419f775e75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document and distribute a privacy policy ee67c031-57fc-53d0-0cca-96c4c04345e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document and implement wireless access guidelines 04b3e7f6-4841-888d-4799-cda19a0084f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document customer-defined actions 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document mobility training 83dfb2b8-678b-20a0-4c44-5c75ada023e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document organizational access agreements c981fa70-2e58-8141-1457-e7f62ebc2ade Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document personnel acceptance of privacy requirements 271a3e58-1b38-933d-74c9-a580006b80aa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document process to ensure integrity of PII 18e7906d-4197-20fa-2f14-aaac21864e71 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document protection of personal data in acquisition contracts f9ec3263-9562-1768-65a1-729793635a8d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document protection of security information in acquisition contracts d78f95ba-870a-a500-6104-8a5ce2534f19 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document remote access guidelines 3d492600-27ba-62cc-a1c3-66eb919f6a0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document requirements for the use of shared data in contracts 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security and privacy training activities 524e7136-9f6a-75ba-9089-501018151346 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security assurance requirements in acquisition contracts 13efd2d7-3980-a2a4-39d0-527180c009e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security documentation requirements in acquisition contract a465e8e9-0095-85cb-a05f-1dd4960d02af Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security functional requirements in acquisition contracts 57927290-8000-59bf-3776-90c468ac5b4b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security operations 2c6bee3a-2180-2430-440d-db3c7a849870 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security strength requirements in acquisition contracts ebb0ba89-6d8c-84a7-252b-7393881e43de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document separation of duties e6f7b584-877a-0d69-77d4-ab8b923a9650 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the information system environment in acquisition contracts c148208b-1a6f-a4ac-7abc-23b1d41121b1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the legal basis for processing personal information 79c75b38-334b-1a69-65e0-a9d929a42f75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the protection of cardholder data in third party contracts 77acc53d-0f67-6e06-7d04-5750653d4629 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document third-party personnel security requirements b320aa42-33b4-53af-87ce-100091d48918 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document wireless access security controls 8f835d6a-4d13-9a9c-37dc-176cebd37fda Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ a media sanitization mechanism eaaae23f-92c9-4460-51cf-913feaea4d52 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ automatic shutdown/restart when violations are detected 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ boundary protection to isolate information systems 311802f9-098d-0659-245a-94c5d47c0182 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ business case to record the resources required 2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ FICAM-approved resources to accept third-party credentials db8b35d6-8adb-3f51-44ff-c648ab5b1530 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ FIPS 201-approved technology for PIV 8b333332-6efd-7c0d-5a9f-d1eb95105214 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ flow control mechanisms of encrypted information 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ independent assessors for continuous monitoring 3baee3fd-30f5-882c-018c-cc78703a0106 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ independent assessors to conduct security control assessments b65c5d8e-9043-9612-2c17-65f231d763bb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ independent team for penetration testing 611ebc63-8600-50b6-a0e3-fef272457132 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ least privilege access 1bc7fd64-291f-028e-4ed6-6e07886e163f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ restrictions on external system interconnections 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable detection of network devices 426c172c-9914-10d1-25dd-669641fc1af4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable dual or joint authorization 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable network protection 8c255136-994b-9616-79f5-ae87810e0dcf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Enforce appropriate usage of all accounts fd81a1b3-2d7a-107c-507e-29b87d040c19 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce logical access 10c4210b-3ec9-9603-050d-77e4d26c7ebb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce mandatory and discretionary access control policies b1666a13-8f67-9c47-155e-69e027ff6823 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce random unique session identifiers c7d57a6a-7cc2-66c0-299f-83bf90558f5d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce rules of behavior and access agreements 509552f5-6528-3540-7959-fbeae4832533 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce security configuration settings 058e9719-1ff9-3653-4230-23f76b6492e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce software execution privileges 68d2e478-3b19-23eb-1357-31b296547457 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce SSL connection should be enabled for MySQL database servers e802a67a-daf5-4436-9ea6-f6d821dd0c5d SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Enforce SSL connection should be enabled for PostgreSQL database servers d158790f-bfb0-486c-8631-2dc6b4e8e6af SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Enforce user uniqueness e336d5f4-4d8f-0059-759c-ae10f63d1747 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure alternate storage site safeguards are equivalent to primary site 178c8b7e-1b6e-4289-44dd-2f1526b678a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure audit records are not altered 27ce30dd-3d56-8b54-6144-e26d9a37a541 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure authorized users protect provided authenticators 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure capital planning and investment requests include necessary resources 464a7d7a-2358-4869-0b49-6d582ca21292 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure external providers consistently meet interests of the customers 3eabed6d-1912-2d3c-858b-f438d08d0412 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure resources are authorized 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure security categorization is approved 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure security safeguards not needed when the individuals return 1fdf0b24-4043-3c55-357e-036985d50b52 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure system capable of dynamic isolation of resources 83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure there are no unencrypted static authenticators eda0cbb7-6043-05bf-645b-67411f1a59b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Eradicate contaminated information 54a9c072-4a93-2a03-6a43-a060d30383d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a configuration control board 7380631c-5bf5-0e3a-4509-0873becd8a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a data leakage management procedure 3c9aa856-6b86-35dc-83f4-bc72cec74dea Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a discrete line item in budgeting documentation 06af77de-02ca-0f3e-838a-a9420fe466f5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a password policy d8bbd80e-3bb1-5983-06c2-428526ec6a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a privacy program 39eb03c1-97cc-11ab-0960-6209ed2869f7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a risk management strategy d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a secure software development program e750ca06-1824-464a-2cf3-d0fa754d1cb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a threat intelligence program b0e3035d-6366-2e37-796e-8bcab9c649e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish alternate storage site that facilitates recovery operations 245fe58b-96f8-9f1e-48c5-7f49903f66fd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish alternate storage site to store and retrieve backup information 0a412110-3874-9f22-187a-c7a81c8a6704 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish an alternate processing site af5ff768-a34b-720e-1224-e6b3214f3ba6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish an information security program 84245967-7882-54f6-2d34-85059f725b47 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and document a configuration management plan 526ed90e-890f-69e7-0386-ba5c0f1f784f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and document change control processes bd4dc286-2f30-5b95-777c-681f3a7913d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and maintain an asset inventory 27965e62-141f-8cca-426f-d09514ee5216 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish authenticator types and processes 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish backup policies and procedures 4f23967c-a74b-9a09-9dc2-f566f61a87b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish benchmarks for flaw remediation dd2523d5-2db3-642b-a1cf-83ac973b32c2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish conditions for role membership 97cfd944-6f0c-7db2-3796-8e890ef70819 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish configuration management requirements for developers 8747b573-8294-86a0-8914-49e9b06a5ace Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish firewall and router configuration standards 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish information security workforce development and improvement program b544f797-a73b-1be3-6d01-6b1a085376bc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish network segmentation for card holder data environment f476f3b0-4152-526e-a209-44e5f8c968d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish policies for supply chain risk management 9150259b-617b-596d-3bf5-5ca3fce20335 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish privacy requirements for contractors and service providers f8d141b7-4e21-62a6-6608-c79336e36bc9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish procedures for initial authenticator distribution 35963d41-4263-0ef9-98d5-70eb058f9e3c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish relationship between incident response capability and external providers b470a37a-7a47-3792-34dd-7a793140702e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish requirements for audit review and reporting b3c8cc83-20d3-3890-8bc8-5568777670f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish requirements for internet service providers 5f2e834d-7e40-a4d5-a216-e49b16955ccf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish security requirements for the manufacturing of connected devices afbecd30-37ee-a27b-8e09-6ac49951a0ee Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish terms and conditions for accessing resources 3c93dba1-84fd-57de-33c7-ef0400a08134 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish terms and conditions for processing resources 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish third-party personnel security requirements 3881168c-5d38-6f04-61cc-b5d87b2c4c58 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish usage restrictions for mobile code technologies ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish voip usage restrictions 68a39c2b-0f17-69ee-37a3-aa10f9853a08 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Evaluate and review PII holdings regularly b6b32f80-a133-7600-301e-398d688e7e0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Event Hub should use a virtual network service endpoint d63edb4a-c612-454d-b47d-191a724fcbf0 Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Execute actions in response to information spills ba78efc6-795c-64f4-7a02-91effbd34af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Explicitly notify use of collaborative computing devices 62fa14f0-4cbe-762d-5469-0899a99b98aa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Facilitate information sharing a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Function apps should have remote debugging turned off 0e60b895-3786-45da-8377-9c6b4b6ac5f9 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Function apps should not have CORS configured to allow every resource to access your apps 0820b7b9-23aa-4725-a1ce-ae4558f718e5 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Function apps should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab App Service Default
Audit
Allowed
Audit, Disabled, Deny
0 GA
Function apps should use the latest TLS version f9d614c5-c173-4d56-95a7-b4437057d193 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Gateway subnets should not be configured with a network security group 35f9c03a-cc27-418e-9c0c-539ff999d010 Network Fixed
deny
0 GA
Generate error messages c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Generate internal security alerts 171e377b-5224-4a97-1eaa-62a3b5231dac Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Geo-redundant backup should be enabled for Azure Database for MariaDB 0ec47710-77ff-4a3d-9181-6aa50af424d0 SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Geo-redundant backup should be enabled for Azure Database for MySQL 82339799-d096-41ae-8538-b108becf0970 SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Geo-redundant backup should be enabled for Azure Database for PostgreSQL 48af4db5-9b8b-401c-8e74-076be876a430 SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Govern and monitor audit processing activities 333b4ada-4a02-0648-3d4d-d812974f1bb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Govern compliance of cloud service providers 5c33538e-02f8-0a7f-998b-a4c1e22076d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Govern policies and procedures 1a2a03a4-9992-5788-5953-d8f6615306de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Govern the allocation of resources 33d34fac-56a8-1c0f-0636-3ed94892a709 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify actions allowed without authentication 92a7591f-73b3-1173-a09c-a08882d84c70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and authenticate network devices ae5345d5-8dab-086a-7290-db43a3272198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and authenticate non-organizational users e1379836-3492-6395-451d-2f5062e14136 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and manage downstream information exchanges c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and mitigate potential issues at alternate storage site 13939f8c-4cd5-a6db-9af4-9dfec35e3722 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify classes of Incidents and Actions taken 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify external service providers 46ab2c5e-6654-1f58-8c83-e97a44f39308 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify incident response personnel 037c0089-6606-2dab-49ad-437005b5035f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify individuals with security roles and responsibilities 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify status of individual users ca748dfe-3e28-1d18-4221-89aea30aa0a5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement a fault tolerant name/address service ced727b3-005e-3c5b-5cd5-230b79d56ee8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement a penetration testing methodology c2eabc28-1e5c-78a2-a712-7cc176c44c07 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement a threat awareness program 015b4935-448a-8684-27c0-d13086356c33 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement an automated configuration management tool 33832848-42ab-63f3-1a55-c0ad309d44cd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement an insider threat program 35de8462-03ff-45b3-5746-9d4603c74c56 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement controls to secure all media e435f7e3-0dd9-58c9-451f-9b44b96c0232 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement controls to secure alternate work sites cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement cryptographic mechanisms 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement formal sanctions process 5decc032-95bd-2163-9549-a41aba83228e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement incident handling 433de59e-7a53-a766-02c2-f80f8421469a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement Incident handling capability 98e33927-8d7f-6d5f-44f5-2469b40b7215 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement managed interface for each external service b262e1dd-08e9-41d4-963a-258909ad794b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement parameters for memorized secret verifiers 3b30aa25-0f19-6c04-5ca4-bd3f880a763d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement personnel screening e0c480bf-0d68-a42d-4cbb-b60f851f8716 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement physical security for offices, working areas, and secure areas 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement plans of action and milestones for security program process d93fe1be-13e4-421d-9c21-3158e2fa2667 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement privacy notice delivery methods 06f84330-4c27-21f7-72cd-7488afd50244 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement privileged access for executing vulnerability scanning activities 5b802722-71dd-a13d-2e7e-231e09589efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement security directives 26d178a4-9261-6f04-a100-47ed85314c6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement security engineering principles of information systems df2e9507-169b-4114-3a52-877561ee3198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement security testing, training, and monitoring plans 21832235-7a07-61f4-530d-d596f76e5b95 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement system boundary protection 01ae60e2-38bb-0a32-7b20-d3a091423409 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement the risk management strategy c6fe3856-4635-36b6-983c-070da12a953b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement training for protecting authenticators e4b00788-7e1c-33ec-0418-d048508e095b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement transaction based recovery ba02d0a0-566a-25dc-73f1-101c726a19c5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate flaw remediation into configuration management 34aac8b2-488a-2b96-7280-5b9b481a317a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate simulated contingency training 9c954fcf-6dd8-81f1-41b5-832ae5c62caf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate simulated events into incident response training 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Information flow control using security policy filters 13ef3484-3a51-785a-9c96-500f21f84edd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Information security and personal data protection 34738025-5925-51f9-1081-f2d0060133ed Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Initiate transfer or reassignment actions b8a9bb2f-7290-3259-85ce-dca7d521302d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Install an alarm system aa0ddd99-43eb-302d-3f8f-42b499182960 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate Audit record analysis 85335602-93f5-7730-830b-d43426fd51fa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate audit review, analysis, and reporting f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate cloud app security with a siem 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate risk management process into SDLC 00f12b6f-10d7-8117-9577-0f2b76488385 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Isolate SecurID systems, Security Incident Management systems dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Issue guidelines for ensuring data quality and integrity 0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Issue public key certificates 97d91b33-7050-237b-3e23-a77d57d84e13 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Keep accurate accounting of disclosures of information 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Keep SORNs updated 3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Key Vault should use a virtual network service endpoint ea4d6841-2173-4317-9747-ff522a45120f Network Default
Audit
Allowed
Audit, Disabled
0 GA
Key vaults should have purge protection enabled 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Limit privileges to make changes in production environment 2af551d5-1775-326a-0589-590bfb7e9eb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Long-term geo-redundant backup should be enabled for Azure SQL Databases d38fc420-0735-4ef3-ac11-c806f651a570 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Maintain data breach records 0fd1ca29-677b-2f12-1879-639716459160 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain incident response plan 37546841-8ea1-5be0-214d-8ac599588332 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain list of authorized remote maintenance personnel 4ce91e4e-6dab-3c46-011a-aa14ae1561bf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain records of processing of personal data 92ede480-154e-0e22-4dca-8b46a74a3a51 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain separate execution domains for running processes bfc540fe-376c-2eef-4355-121312fa4437 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Make accounting of disclosures available upon request d4f70530-19a2-2a85-6e0c-0c3c465e3325 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Make SORNs available publicly f3c17714-8ce7-357f-4af2-a0baa63a063f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage a secure surveillance camera system f2222056-062d-1060-6dc2-0107a68c34b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage authenticator lifetime and reuse 29363ae1-68cd-01ca-799d-92c9197c8404 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage Authenticators 4aacaec9-0628-272c-3e83-0d68446694e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage availability and capacity edcc36f1-511b-81e0-7125-abee29752fe7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage compliance activities 4e400494-53a5-5147-6f4d-718b539c7394 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage contacts for authorities and special interest groups 5269d7e4-3768-501d-7e46-66c56c15622c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage gateways 63f63e71-6c3f-9add-4c43-64de23e554a7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage maintenance personnel b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage nonlocal maintenance and diagnostic activities 1fb1cb0e-1936-6f32-42fd-89970b535855 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage symmetric cryptographic keys 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage system and admin accounts 34d38ea7-6754-1838-7031-d7fd07099821 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage the input, output, processing, and storage of data e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage the transportation of assets 4ac81669-00e2-9790-8648-71bc11bc91eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Measure the time between flaw identification and flaw remediation dad1887d-161b-7b61-2e4d-5124a7b5724e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
MFA should be enabled for accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Antimalware for Azure should be configured to automatically update protection signatures c43e4a30-77cb-48ab-a4dd-93f175c63b57 Compute Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Modify access authorizations upon personnel transfer 979ed3b6-83f9-26bc-4b86-5b05464700bf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor access across the organization 48c816c5-2190-61fc-8806-25d6f3df162f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor account activity 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Monitor privileged role assignment ed87d27a-9abf-7c71-714c-61d881889da4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor security and privacy training completion 82bd024a-5c99-05d6-96ff-01f539676a1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor third-party provider compliance f8ded0c6-a668-9371-6bb6-661d58787198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Not allow for information systems to accompany with individuals 41172402-8d73-64c7-0921-909083c086b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify Account Managers of customer controlled accounts 4b8fd5da-609b-33bf-9724-1c946285a14c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify personnel of any failed security verification tests 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify personnel upon sanctions 6228396e-2ace-7ca5-3247-45767dbf52f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify upon termination or transfer c79d378a-2521-822a-0407-57454f8d2c74 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify users of system logon or access fe2dff43-0a8c-95df-0432-cb1c794b17d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify when account is not needed 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obscure feedback information during authentication process 1ff03f2a-974b-3272-34f2-f6cd51420b30 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Observe and report security weaknesses ff136354-1c92-76dc-2dab-80fb7c6a9f1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain Admin documentation 3f1216b0-30ee-1ac9-3899-63eb744e85f5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain approvals for acquisitions and outsourcing 92b94485-1c49-3350-9ada-dffe94f08e87 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain consent prior to collection or processing of personal data 069101ac-4578-31da-0cd4-ff083edd3eb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain design and implementation information for the security controls 22a02c9a-49e4-5dc9-0d14-eb35ad717154 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain functional properties of security controls 44b71aa8-099d-8b97-1557-0e853ec38e0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain legal opinion for monitoring system activities d9af7f88-686a-5a8b-704b-eafdab278977 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain user security function documentation be1c34ab-295a-07a6-785c-36f63c1d223e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Perform a business impact assessment and application criticality assessment cb8841d4-9d13-7292-1d06-ba4d68384681 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a privacy impact assessment d18af1ac-0086-4762-6dc8-87cdded90e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a risk assessment 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a trend analysis on threats 50e81644-923d-33fc-6ebb-9733bc8d1a06 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform all non-local maintenance 5bac5fb7-7735-357b-767d-02264bfe5c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform audit for configuration change control 1282809c-9001-176b-4a81-260a085f4872 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform disposition review b5a4be05-3997-1731-3260-98be653610f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform information input validation 8b1f29eb-1b22-4217-5337-9207cb55231e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform security function verification at a defined frequency f30edfad-4e1d-1eef-27ee-9292d6d89842 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform threat modeling bf883b14-9c19-0f37-8825-5e39a8b66d5b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform vulnerability scans 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Plan for resumption of essential business functions 7ded6497-815d-6506-242b-e043e0273928 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prevent identifier reuse for the defined time period 4781e5fd-76b8-7d34-6df3-a0a7fca47665 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prevent split tunneling for remote devices 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce complete records of remote maintenance activities 74041cfe-3f87-1d17-79ec-34ca5f895542 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce Security Assessment report 70a7a065-a060-85f8-7863-eb7850ed2af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce, control and distribute asymmetric cryptographic keys de077e7e-0cc8-65a6-6e08-9ab46c827b05 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce, control and distribute symmetric cryptographic keys 16c54e01-9e65-7524-7c33-beda48a75779 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prohibit binary/machine-executable code 8e920169-739d-40b5-3f99-c4d855327bb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prohibit remote activation of collaborative computing devices 678ca228-042d-6d8e-a598-c58d5670437d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prohibit unfair practices 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect administrator and user documentation 09960521-759e-5d12-086f-4192a72a5e92 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect against and prevent data theft from departing employees 80a97208-264e-79da-0cc7-4fca179a0c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect audit information 0e696f5a-451f-5c15-5532-044136538491 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect data in transit using encryption b11697e8-9515-16f1-7a35-477d5c8a1344 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect incident response plan 2401b496-7f23-79b2-9f80-89bb5abf3d4a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect passwords with encryption b2d3e5a2-97ab-5497-565a-71172a729d93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect special information a315c657-4a00-8eba-15ac-44692ad24423 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect the information security program plan 2e7a98c9-219f-0d58-38dc-d69038224442 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect wireless access d42a8f69-a193-6cbc-48b9-04a9e29961f1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide audit review, analysis, and reporting capability 44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide capability to disconnect or disable remote access 4edaca8c-0912-1ac5-9eaa-6a1057740fae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide capability to process customer-controlled audit records 21633c09-804e-7fcd-78e3-635c6bfe2be7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide contingency training de936662-13dc-204c-75ec-1af80f994088 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide formal notice to individuals 95eb7d09-9937-5df9-11d9-20317e3f60df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide information spillage training 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide monitoring information as needed 7fc1f0da-0050-19bb-3d75-81ae15940df6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic role-based security training 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic security awareness training 516be556-1353-080d-2c2f-f46f000d5785 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy notice 098a7b84-1031-66d8-4e78-bd15b5fd2efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy notice to the public and to individuals 5023a9e7-8e64-2db6-31dc-7bce27f796af Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy training 518eafdd-08e5-37a9-795b-15a8d798056d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based practical exercises d041726f-00e0-41ca-368c-b1a122066482 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based security training 4c385143-09fd-3a34-790c-a5fd9ec77ddc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based training on suspicious activities f6794ab8-9a7d-3b24-76ab-265d3646232b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide secure name and address resolution services bbb2e6d6-085f-5a35-a55d-e45daad38933 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security awareness training for insider threats 9b8b05ec-3d21-215e-5d98-0f7cf0998202 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training before providing access 2b05dca2-25ec-9335-495c-29155f785082 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training for new users 1cb7bf71-841c-4741-438a-67c65fdd7194 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide timely maintenance support eb598832-4bcc-658d-4381-3ecbe17b9866 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide updated security awareness training d136ae80-54dd-321c-98b4-17acf4af2169 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Publish Computer Matching Agreements on public website cdcb825f-a0fb-31f9-29c1-ab566718499a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Publish SORNs for systems containing PII 898a5781-2254-5a37-34c7-d78ea7c20d55 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reassign or remove user privileges as needed 7805a343-275c-41be-9d62-7215b96212d8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reauthenticate or terminate a user session d6653f89-7cb5-24a4-9d71-51581038231b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Record disclosures of PII to third parties 8b1da407-5e60-5037-612e-2caa1b590719 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Recover and reconstitute resources after any disruption f33c3238-11d2-508c-877c-4262ec1132e1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reevaluate access upon personnel transfer e89436d8-6a93-3b62-4444-1d2a42ad56b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Refresh authenticators 3ae68d9a-5696-8c32-62d3-c6f9c52e437c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reissue authenticators for changed groups and accounts 2f204e72-1896-3bf8-75c9-9128b8683a36 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Remediate information system flaws be38a620-000b-21cf-3cb3-ea151b704c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Remove or redact any PII 94c842e3-8098-38f9-6d3f-8872b790527d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require approval for account creation de770ba6-50dd-a316-2932-e0d972eaa734 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require compliance with intellectual property rights 725164e5-3b21-1ec2-7e42-14f077862841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developer to identify SDLC ports, protocols, and services f6da5cca-5795-60ff-49e1-4972567815fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to build security architecture f131c8c5-a54a-4888-1efc-158928924bc1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to describe accurate security functionality 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to document approved changes and potential impact 3a868d0c-538f-968b-0191-bddb44da5b75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to implement only approved changes 085467a6-9679-5c65-584a-f55acefd0d43 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to manage change integrity b33d61c1-7463-7025-0ec0-a47585b59147 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to produce evidence of security assessment plan execution f8a63511-66f1-503f-196d-d6217ee0823a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to provide training 676c3c35-3c36-612c-9523-36d266a65000 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to provide unified security protection approach 7a114735-a420-057d-a651-9a73cd0416ef Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require encryption on Data Lake Store accounts a7ff3161-0087-490a-9ad9-ad6217f4f43a Data Lake Fixed
deny
0 GA
Require external service providers to comply with security requirements 4e45863d-9ea9-32b4-a204-2680bc6007a6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require interconnection security agreements 096a7055-30cb-2db4-3fda-41b20ac72667 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require notification of third-party personnel transfer or termination afd5d60a-48d2-8073-1ec2-6687e22f2ddd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require third-party providers to comply with personnel security policies and procedures e8c31e15-642d-600f-78ab-bad47a5787e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require use of individual authenticators 08ad71d0-52be-6503-4908-e015460a16ae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require users to sign access agreement 3af53f59-979f-24a8-540f-d7cdbc366607 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Rescreen individuals at a defined frequency c6aeb800-0b19-944d-92dc-59b893722329 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Resource logs in Azure Data Lake Store should be enabled 057ef27e-665e-4328-8ea3-04b3122bd9fb Data Lake Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Azure Key Vault Managed HSM should be enabled a2a5b911-5617-447e-a49e-59dbe0e0434b Key Vault Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46 Stream Analytics Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d Batch Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c Data Lake Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a Event Hub Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4 Internet of Things Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21 Key Vault Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d Logic Apps Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4 Search Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Service Bus Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Virtual Machine Scale Sets should be enabled 7c1b1214-f927-48bf-8882-84f0af6588b1 Compute Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Restrict access to private keys 8d140e8b-76c7-77de-1d46-ed1b2e112444 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict access to privileged accounts 873895e8-0e3a-6492-42e9-22cd030e9fcd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict communications 5020f3f4-a579-2f28-72a8-283c5a0b15f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict location of information processing, storage and services 0040d2e5-2779-170d-6a2c-1f5fca353335 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict media use 6122970b-8d4a-7811-0278-4c6c68f61e4f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict use of open source software 08c11b48-8745-034d-1c1b-a144feec73b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain accounting of disclosures of information 75b9db50-7906-2351-98ae-0458218609e5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain previous versions of baseline configs 5e4e9685-3818-5934-0071-2620c4fa2ca5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain security policies and procedures efef28d0-3226-966a-a1e8-70e89c1b30bc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain terminated user data 7c7032fe-9ce6-9092-5890-87a1a3755db1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain training records 3153d9c0-2584-14d3-362d-578b01358aeb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review access control policies and procedures 03d550b4-34ee-03f4-515f-f2e2faf7a413 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review account provisioning logs a830fe9e-08c9-a4fb-420c-6f6bf1702395 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review administrator assignments weekly f27a298f-9443-014a-0d40-fef12adf0259 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and reevaluate privileges 585af6e9-90c0-4575-67a7-2f9548972e32 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and sign revised rules of behavior 6c0a312f-04c5-5c97-36a5-e56763a02b6b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update configuration management policies and procedures eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update contingency planning policies and procedures e9c60c37-65b0-2d72-6c3c-af66036203ae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update identification and authentication policies and procedures 29acfac0-4bb4-121b-8283-8943198b1549 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update incident response policies and procedures b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update information integrity policies and procedures 6bededc0-2985-54d5-4158-eb8bad8070a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update media protection policies and procedures b4e19d22-8c0e-7cad-3219-c84c62dc250f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update personnel security policies and procedures e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update physical and environmental policies and procedures 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update planning policies and procedures 28aa060e-25c7-6121-05d8-a846f11433df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update risk assessment policies and procedures 20012034-96f0-85c2-4a86-1ae1eb457802 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update system and communications protection policies and procedures adf517f3-6dcd-3546-9928-34777d0c277e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update system and services acquisition policies and procedures f49925aa-9b11-76ae-10e2-6e973cc60f37 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update system maintenance policies and procedures 2067b904-9552-3259-0cdd-84468e284b7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update the events defined in AU-02 a930f477-9dcb-2113-8aa7-45bb6fc90861 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update the information security architecture ced291b8-1d3d-7e27-40cf-829e9dd523c8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review audit data 6625638f-3ba1-7404-5983-0ea33d719d34 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review changes for any unauthorized changes c246d146-82b0-301f-32e7-1065dcd248b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review cloud identity report overview 8aec4343-9153-9641-172c-defb201f56b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review cloud service provider's compliance with policies and agreements ffea18d9-13de-6505-37f3-4c1f88070ad7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review content prior to posting publicly accessible information 9e3c505e-7aeb-2096-3417-b132242731fc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review contingency plan 53fc1282-0ee3-2764-1319-e20143bb0ea5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review controlled folder access events f48b60c6-4b37-332f-7288-b6ea50d300eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review development process, standards and tools 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review exploit protection events a30bd8e9-7064-312a-0e1f-e1b485d59f6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review file and folder activity ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review label activity and analytics e23444b9-9662-40f3-289e-6d25c02b48fa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review malware detections report weekly 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review publicly accessible content for nonpublic information b5244f81-6cab-3188-2412-179162294996 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review role group changes weekly 70fe686f-1f91-7dab-11bf-bca4201e183b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review security assessment and authorization policies and procedures a4493012-908c-5f48-a468-1e243be884ce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review security testing, training, and monitoring plans c3b3cc61-9c70-5d78-7f12-1aefcc477db7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review threat protection status weekly fad161f5-5261-401a-22dd-e037bae011bd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user accounts 79f081c7-1634-01a1-708e-376197999289 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user groups and applications with access to sensitive data eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user privileges f96d2186-79df-262d-3f76-f371e3b71798 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Revoke privileged roles as appropriate 32f22cfa-770b-057c-965b-450898425519 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center Default
Audit
Allowed
Audit, Disabled
0 GA
Route traffic through authenticated proxy network d91558ce-5a5c-551b-8fbb-83f793255e09 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Route traffic through managed network access points bab9ef1d-a16d-421a-822d-3fa94e808156 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Run simulation attacks a8f9c283-9a66-3eb3-9e10-bdba95b85884 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Satisfy token quality requirements 056a723b-4946-9d2a-5243-3aa27c4d31a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Secure commitment from leadership 70057208-70cc-7b31-3c3a-121af6bc1966 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Secure the interface to external systems ff1efad2-6b09-54cc-01bf-d386c4d558a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Select additional testing for security control assessments f78fc35e-1268-0bca-a798-afcba9d2330a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separate duties of individuals 60ee1260-97f0-61bb-8155-5d8b75743655 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separate user and information system management functionality 8a703eb5-4e53-701b-67e4-05ba2f7930c8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separately store backup information fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Set automated notifications for new and trending cloud applications in your organization af38215f-70c4-0cd6-40c2-c52d86690a45 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Specify permitted actions associated with customer audit information 3eecf628-a1c8-1b48-1b5c-7ca781e97970 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
SQL managed instances should use customer-managed keys to encrypt data at rest ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
SQL Server should use a virtual network service endpoint ae5d2f14-d830-42b6-9899-df6cfe9c71a3 Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
SQL servers should use customer-managed keys to encrypt data at rest 0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Storage Accounts should use a virtual network service endpoint 60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Network Default
Audit
Allowed
Audit, Disabled
0 GA
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Support personal verification credentials issued by legal authorities 1d39b5d9-0392-8954-8359-575ce1957d1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
System updates on virtual machine scale sets should be installed c3f317a7-a95c-4547-b7e7-11017ebdf2fe Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Terminate user session automatically 4502e506-5f35-0df4-684f-b326e3cc7093 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Test the business continuity and disaster recovery plan 58a51cde-008b-1a5d-61b5-d95849770677 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
The Log Analytics extension should be installed on Virtual Machine Scale Sets efbde977-ba53-4479-b8e9-10b957924fbf Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Track software license usage 77cc89bb-774f-48d7-8a84-fb8c322c3000 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Train personnel on disclosure of nonpublic information 97f0d974-1486-01e2-2088-b888f46c0589 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Train staff on PII sharing and its consequences 8019d788-713d-90a1-5570-dac5052f517d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Transfer backup information to an alternate storage site 7bdb79ea-16b8-453e-4ca4-ad5b16012414 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Turn on sensors for endpoint security solution 5fc24b95-53f7-0ed1-2330-701b539b97fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Undergo independent security review 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update antivirus definitions ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update contingency plan 14a4fd0a-9100-1e12-1362-792014a28155 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update information security policies 5226dee6-3420-711b-4709-8e675ebd828f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update interconnection security agreements d48a6f19-a284-6fc6-0623-3367a74d3f50 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update organizational access agreements e21f91d1-2803-0282-5f2d-26ebc4b170ef Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update POA&M items cc057769-01d9-95ad-a36f-1e62a7f9540b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update privacy plan, policies, and procedures 96333008-988d-4add-549b-92b3a8c42063 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update rules of behavior and access agreements 6610f662-37e9-2f71-65be-502bdc2f554d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update rules of behavior and access agreements every 3 years 7ad83b58-2042-085d-08f0-13e946f26f89 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update the security authorization 449ebb52-945b-36e5-3446-af6f33770f8f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use automated mechanisms for security alerts b8689b2e-4308-a58b-a0b4-6f3343a000df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use dedicated machines for administrative tasks b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use privileged identity management e714b481-8fac-64a2-14a9-6f079b2501a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use system clocks for audit records 1ee4c7eb-480a-0007-77ff-4ba370776266 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify identity before distributing authenticators 72889284-15d2-90b2-4b39-a1e9541e1152 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify personal data is deleted at the end of processing c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify security controls for external information systems dc7ec756-221c-33c8-0afe-c48e10e42321 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify security functions ece8bb17-4080-5127-915f-dc7267ee8549 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify software, firmware and information integrity db28735f-518f-870e-15b4-49623cbe3aa0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and configure system diagnostic data 0123edae-3567-a05a-9b05-b53ebe9d3e7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and investigate restricted users 98145a9b-428a-7e81-9d14-ebb154a24f93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Virtual machines should be connected to an approved virtual network d416745a-506c-48b6-8ab1-83cb814bcaa3 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d Compute Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Virtual machines should have the Log Analytics extension installed a70ca396-0a34-413a-88e1-b956c1e683be Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerabilities in container security configurations should be remediated e8cbc669-f12d-49eb-93e7-9273119e9933 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerabilities in security configuration on your machines should be remediated e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated 3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Administrative Templates - Network' 67e010c1-640d-438e-a3a5-feaccb533a98 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Security Options - Accounts' ee984370-154a-4ee8-9726-19d900e56fc0 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Security Options - Audit' 33936777-f2ac-45aa-82ec-07958ec9ade4 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Security Options - Microsoft Network Server' caf2d518-f029-4f6b-833b-d7081702f253 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Security Options - Network Access' 3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Security Options - Recovery console' f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Security Options - User Account Control' 492a29ed-d143-4f03-b6a4-705ce081b463 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'System Audit Policies - Account Management' 94d9aca8-3757-46df-aa51-f218c5f11954 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' 58383b73-94a9-4414-b382-4146eb02611b Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'User Rights Assignment' e068b215-0026-4354-b347-8fb2766f73a2 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Windows Firewall Properties' 35d9882c-993d-44e6-87d2-db66ce21b636 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Roles used Total Roles usage: 8
Total Roles unique usage: 5
Role Role Id Policies count Policies
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa 1 Deploy Diagnostic Settings for Network Security Groups
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7 1 Deploy network watcher when virtual networks are created
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c 1 Deploy default Microsoft IaaSAntimalware extension for Windows Server
Storage Account Contributor 17d1049b-9a84-46fb-8f53-869881c3d3ab 1 Deploy Diagnostic Settings for Network Security Groups
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 4 Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs
JSON