AzInitiativeAdvertizer

last sync: 2023-Mar-21 18:43:25 UTC

Azure Policy Initiative

NIST SP 800-53 Rev. 4

NameNIST SP 800-53 Rev. 4
Azure Portal
Idcf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f
Version17.2.0
details on versioning
CategoryRegulatory Compliance
Microsoft docs
DescriptionNational Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk.These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative
TypeBuiltIn
DeprecatedFalse
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2023-02-21 18:41:21 add Policy Azure Key Vaults should use private link (a6abeaec-4d90-4a02-805f-6b26c4d3fbe9)
Version change: '17.0.0' to '17.2.0'
remove Policy [Deprecated]: Private endpoint should be configured for Key Vault (5f0bc445-3935-4915-9981-011aa2b46147)
remove Policy [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled (7c1b1214-f927-48bf-8882-84f0af6588b1)
2022-09-27 16:35:21 add Policy Establish an alternate processing site (af5ff768-a34b-720e-1224-e6b3214f3ba6)
add Policy Install an alarm system (aa0ddd99-43eb-302d-3f8f-42b499182960)
add Policy Authorize remote access (dad8a2e9-6f27-4fc2-8933-7e99fe700c9c)
add Policy Monitor privileged role assignment (ed87d27a-9abf-7c71-714c-61d881889da4)
add Policy Identify status of individual users (ca748dfe-3e28-1d18-4221-89aea30aa0a5)
add Policy Review cloud service provider's compliance with policies and agreements (ffea18d9-13de-6505-37f3-4c1f88070ad7)
add Policy Review threat protection status weekly (fad161f5-5261-401a-22dd-e037bae011bd)
add Policy Maintain availability of information (3ad7f0bc-3d03-0585-4d24-529779bb02c2)
add Policy Generate error messages (c2cb4658-44dc-9d11-3dad-7c6802dd5ba3)
add Policy Enable network protection (8c255136-994b-9616-79f5-ae87810e0dcf)
add Policy Protect wireless access (d42a8f69-a193-6cbc-48b9-04a9e29961f1)
add Policy Assess information security events (37b0045b-3887-367b-8b4d-b9a6fa911bb9)
add Policy Designate personnel to supervise unauthorized maintenance activities (7a489c62-242c-5db9-74df-c073056d6fa3)
add Policy Verify identity before distributing authenticators (72889284-15d2-90b2-4b39-a1e9541e1152)
add Policy Automate notification of employee termination (729c8708-2bec-093c-8427-2e87d2cd426d)
add Policy Take action in response to customer information (d25cbded-121e-0ed6-1857-dc698c9095b1)
add Policy Monitor third-party provider compliance (f8ded0c6-a668-9371-6bb6-661d58787198)
add Policy Identify individuals with security roles and responsibilities (0dcbaf2f-075e-947b-8f4c-74ecc5cd302c)
add Policy Secure the interface to external systems (ff1efad2-6b09-54cc-01bf-d386c4d558a8)
add Policy Establish third-party personnel security requirements (3881168c-5d38-6f04-61cc-b5d87b2c4c58)
add Policy Restore resources to operational state (f801d58e-5659-9a4a-6e8d-02c9334732e5)
add Policy Establish a threat intelligence program (b0e3035d-6366-2e37-796e-8bcab9c649e6)
add Policy Require developers to provide unified security protection approach (7a114735-a420-057d-a651-9a73cd0416ef)
add Policy Perform all non-local maintenance (5bac5fb7-7735-357b-767d-02264bfe5c3b)
add Policy Authorize and manage access (50e9324a-7410-0539-0662-2c1e775538b7)
add Policy Develop and establish a system security plan (b2ea1058-8998-3dd1-84f1-82132ad482fd)
add Policy Develop organization code of conduct policy (d02498e0-8a6f-6b02-8332-19adf6711d1e)
add Policy Document security strength requirements in acquisition contracts (ebb0ba89-6d8c-84a7-252b-7393881e43de)
add Policy Review security assessment and authorization policies and procedures (a4493012-908c-5f48-a468-1e243be884ce)
add Policy Establish a discrete line item in budgeting documentation (06af77de-02ca-0f3e-838a-a9420fe466f5)
add Policy Review file and folder activity (ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba)
add Policy Notify upon termination or transfer (c79d378a-2521-822a-0407-57454f8d2c74)
add Policy Define information system account types (623b5f0a-8cbd-03a6-4892-201d27302f0c)
add Policy Automate process to prohibit implementation of unapproved changes (7d10debd-4775-85a7-1a41-7e128e0e8c50)
add Policy Manage authenticator lifetime and reuse (29363ae1-68cd-01ca-799d-92c9197c8404)
add Policy Ensure security categorization is approved (6c79c3e5-5f7b-a48a-5c7b-8c158bc01115)
add Policy Review and update identification and authentication policies and procedures (29acfac0-4bb4-121b-8283-8943198b1549)
add Policy Develop and maintain baseline configurations (2f20840e-7925-221c-725d-757442753e7c)
add Policy Distribute policies and procedures (eff6e4a5-3efe-94dd-2ed1-25d56a019a82)
add Policy Audit privileged functions (f26af0b1-65b6-689a-a03f-352ad2d00f98)
add Policy Plan for continuance of essential business functions (d9edcea6-6cb8-0266-a48c-2061fbac4310)
add Policy Review and reevaluate privileges (585af6e9-90c0-4575-67a7-2f9548972e32)
add Policy Develop acceptable use policies and procedures (42116f15-5665-a52a-87bb-b40e64c74b6c)
add Policy Define access authorizations to support separation of duties (341bc9f1-7489-07d9-4ec6-971573e1546a)
add Policy Authenticate to cryptographic module (6f1de470-79f3-1572-866e-db0771352fc8)
add Policy Assign information security representative to change control (6abdf7c7-362b-3f35-099e-533ed50988f9)
add Policy Update antivirus definitions (ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65)
add Policy Assign an authorizing official (AO) (e29a8f1b-149b-2fa3-969d-ebee1baa9472)
add Policy Review label activity and analytics (e23444b9-9662-40f3-289e-6d25c02b48fa)
add Policy Establish a risk management strategy (d36700f2-2f0d-7c2a-059c-bdadd1d79f70)
add Policy Assess Security Controls (c423e64d-995c-9f67-0403-b540f65ba42a)
add Policy Identify and mitigate potential issues at alternate storage site (13939f8c-4cd5-a6db-9af4-9dfec35e3722)
add Policy Automate implementation of approved change notifications (c72fc0c8-2df8-7506-30be-6ba1971747e1)
add Policy Set automated notifications for new and trending cloud applications in your organization (af38215f-70c4-0cd6-40c2-c52d86690a45)
add Policy Document third-party personnel security requirements (b320aa42-33b4-53af-87ce-100091d48918)
add Policy Require developers to build security architecture (f131c8c5-a54a-4888-1efc-158928924bc1)
add Policy Develop configuration management plan (04837a26-2601-1982-3da7-bf463e6408f4)
add Policy Authorize access to security functions and information (aeed863a-0f56-429f-945d-8bb66bd06841)
add Policy Generate internal security alerts (171e377b-5224-4a97-1eaa-62a3b5231dac)
add Policy Define mobile device requirements (9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4)
add Policy Report atypical behavior of user accounts (e4054c0e-1184-09e6-4c5e-701e0bc90f81)
add Policy Obtain user security function documentation (be1c34ab-295a-07a6-785c-36f63c1d223e)
add Policy Enforce software execution privileges (68d2e478-3b19-23eb-1357-31b296547457)
add Policy Notify when account is not needed (8489ff90-8d29-61df-2d84-f9ab0f4c5e84)
add Policy Manage Authenticators (4aacaec9-0628-272c-3e83-0d68446694e0)
add Policy Develop an incident response plan (2b4e134f-1e4c-2bff-573e-082d85479b6e)
add Policy Integrate audit review, analysis, and reporting (f741c4e6-41eb-15a4-25a2-61ac7ca232f0)
add Policy Audit user account status (49c23d9b-02b0-0e42-4f94-e8cef1b8381b)
add Policy Create separate alternate and primary storage sites (81b6267b-97a7-9aa5-51ee-d2584a160424)
add Policy Perform a risk assessment (8c5d3d8d-5cba-0def-257c-5ab9ea9644dc)
add Policy Establish terms and conditions for processing resources (5715bf33-a5bd-1084-4e19-bc3c83ec1c35)
add Policy Implement parameters for memorized secret verifiers (3b30aa25-0f19-6c04-5ca4-bd3f880a763d)
add Policy Document the protection of cardholder data in third party contracts (77acc53d-0f67-6e06-7d04-5750653d4629)
add Policy Require use of individual authenticators (08ad71d0-52be-6503-4908-e015460a16ae)
add Policy Document wireless access security controls (8f835d6a-4d13-9a9c-37dc-176cebd37fda)
add Policy Not allow for information systems to accompany with individuals (41172402-8d73-64c7-0921-909083c086b0)
add Policy Facilitate information sharing (a44c9fba-43f8-4b7b-7ee6-db52c96b4366)
add Policy Create a data inventory (043c1e56-5a16-52f8-6af8-583098ff3e60)
add Policy Verify security functions (ece8bb17-4080-5127-915f-dc7267ee8549)
add Policy Automate process to highlight unreviewed change proposals (92b49e92-570f-1765-804a-378e6c592e28)
add Policy Configure detection whitelist (2927e340-60e4-43ad-6b5f-7a1468232cc2)
add Policy Notify Account Managers of customer controlled accounts (4b8fd5da-609b-33bf-9724-1c946285a14c)
add Policy Manage system and admin accounts (34d38ea7-6754-1838-7031-d7fd07099821)
add Policy Establish voip usage restrictions (68a39c2b-0f17-69ee-37a3-aa10f9853a08)
add Policy Ensure access agreements are signed or resigned timely (e7589f4e-1e8b-72c2-3692-1e14d7f3699f)
add Policy Map authenticated identities to individuals (4012c2b7-4e0e-a7ab-1688-4aab43f14420)
add Policy Integrate Audit record analysis (85335602-93f5-7730-830b-d43426fd51fa)
add Policy Establish a data leakage management procedure (3c9aa856-6b86-35dc-83f4-bc72cec74dea)
add Policy Produce, control and distribute symmetric cryptographic keys (16c54e01-9e65-7524-7c33-beda48a75779)
add Policy Perform security function verification at a defined frequency (f30edfad-4e1d-1eef-27ee-9292d6d89842)
add Policy Implement an automated configuration management tool (33832848-42ab-63f3-1a55-c0ad309d44cd)
add Policy Obtain legal opinion for monitoring system activities (d9af7f88-686a-5a8b-704b-eafdab278977)
add Policy Restrict unauthorized software and firmware installation (4ee5975d-2507-5530-a20a-83a725889c6f)
add Policy Define cryptographic use (c4ccd607-702b-8ae6-8eeb-fc3339cd4b42)
add Policy Prevent identifier reuse for the defined time period (4781e5fd-76b8-7d34-6df3-a0a7fca47665)
add Policy Review and update incident response policies and procedures (b28c8687-4bbd-8614-0b96-cdffa1ac6d9c)
add Policy Review and update personnel security policies and procedures (e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9)
add Policy Manage availability and capacity (edcc36f1-511b-81e0-7125-abee29752fe7)
add Policy Adjust level of audit review, analysis, and reporting (de251b09-4a5e-1204-4bef-62ac58d47999)
add Policy Implement physical security for offices, working areas, and secure areas (05ec66a2-137c-14b8-8e75-3d7a2bef07f8)
add Policy Define information security roles and responsibilities (ef5a7059-6651-73b1-18b3-75b1b79c1565)
add Policy Document mobility training (83dfb2b8-678b-20a0-4c44-5c75ada023e6)
add Policy Review administrator assignments weekly (f27a298f-9443-014a-0d40-fef12adf0259)
add Policy Accept only FICAM-approved third-party credentials (2d2ca910-7957-23ee-2945-33f401606efc)
add Policy Provide information spillage training (2d4d0e90-32d9-4deb-2166-a00d51ed57c0)
add Policy Document security and privacy training activities (524e7136-9f6a-75ba-9089-501018151346)
add Policy Revoke privileged roles as appropriate (32f22cfa-770b-057c-965b-450898425519)
add Policy Select additional testing for security control assessments (f78fc35e-1268-0bca-a798-afcba9d2330a)
add Policy Enforce rules of behavior and access agreements (509552f5-6528-3540-7959-fbeae4832533)
add Policy Control use of portable storage devices (36b74844-4a99-4c80-1800-b18a516d1585)
add Policy Establish benchmarks for flaw remediation (dd2523d5-2db3-642b-a1cf-83ac973b32c2)
add Policy Enforce logical access (10c4210b-3ec9-9603-050d-77e4d26c7ebb)
add Policy Test the business continuity and disaster recovery plan (58a51cde-008b-1a5d-61b5-d95849770677)
add Policy Implement system boundary protection (01ae60e2-38bb-0a32-7b20-d3a091423409)
add Policy Control information flow (59bedbdc-0ba9-39b9-66bb-1d1c192384e6)
add Policy Disable authenticators upon termination (d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10)
add Policy Assign account managers (4c6df5ff-4ef2-4f17-a516-0da9189c603b)
add Policy Control physical access (55a7f9a0-6397-7589-05ef-5ed59a8149e7)
add Policy Perform a trend analysis on threats (50e81644-923d-33fc-6ebb-9733bc8d1a06)
add Policy Provide periodic security awareness training (516be556-1353-080d-2c2f-f46f000d5785)
add Policy Reveal error messages (20762f1e-85fb-31b0-a600-e833633f10fe)
add Policy Provide contingency training (de936662-13dc-204c-75ec-1af80f994088)
add Policy Govern policies and procedures (1a2a03a4-9992-5788-5953-d8f6615306de)
add Policy Notify personnel of any failed security verification tests (18e9d748-73d4-0c96-55ab-b108bfbd5bc3)
add Policy Route traffic through managed network access points (bab9ef1d-a16d-421a-822d-3fa94e808156)
add Policy Obtain Admin documentation (3f1216b0-30ee-1ac9-3899-63eb744e85f5)
add Policy Issue public key certificates (97d91b33-7050-237b-3e23-a77d57d84e13)
add Policy Protect against and prevent data theft from departing employees (80a97208-264e-79da-0cc7-4fca179a0c9c)
add Policy Terminate customer controlled account credentials (76d66b5c-85e4-93f5-96a5-ebb2fad61dc6)
add Policy Produce complete records of remote maintenance activities (74041cfe-3f87-1d17-79ec-34ca5f895542)
add Policy Require developers to describe accurate security functionality (3e37c891-840c-3eb4-78d2-e2e0bb5063e0)
add Policy Track software license usage (77cc89bb-774f-48d7-8a84-fb8c322c3000)
add Policy Isolate information spills (22457e81-3ec6-5271-a786-c3ca284601dd)
add Policy Provide security awareness training for insider threats (9b8b05ec-3d21-215e-5d98-0f7cf0998202)
add Policy Protect administrator and user documentation (09960521-759e-5d12-086f-4192a72a5e92)
add Policy Address coding vulnerabilities (318b2bd9-9c39-9f8b-46a7-048401f33476)
add Policy Establish requirements for audit review and reporting (b3c8cc83-20d3-3890-8bc8-5568777670f4)
add Policy Ensure there are no unencrypted static authenticators (eda0cbb7-6043-05bf-645b-67411f1a59b3)
add Policy Enforce user uniqueness (e336d5f4-4d8f-0059-759c-ae10f63d1747)
add Policy Review and update system and communications protection policies and procedures (adf517f3-6dcd-3546-9928-34777d0c277e)
add Policy Information flow control using security policy filters (13ef3484-3a51-785a-9c96-500f21f84edd)
add Policy Review development process, standards and tools (1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6)
add Policy Establish alternate storage site that facilitates recovery operations (245fe58b-96f8-9f1e-48c5-7f49903f66fd)
add Policy Perform vulnerability scans (3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f)
add Policy Establish and document change control processes (bd4dc286-2f30-5b95-777c-681f3a7913d3)
add Policy Retain previous versions of baseline configs (5e4e9685-3818-5934-0071-2620c4fa2ca5)
add Policy Develop spillage response procedures (bb048641-6017-7272-7772-a008f285a520)
add Policy Require notification of third-party personnel transfer or termination (afd5d60a-48d2-8073-1ec2-6687e22f2ddd)
add Policy Implement controls to secure all media (e435f7e3-0dd9-58c9-451f-9b44b96c0232)
add Policy Assign system identifiers (f29b17a4-0df2-8a50-058a-8570f9979d28)
add Policy Document personnel acceptance of privacy requirements (271a3e58-1b38-933d-74c9-a580006b80aa)
add Policy Ensure system capable of dynamic isolation of resources (83eea3d3-0d2c-9ccd-1021-2111b29b2a62)
add Policy Establish network segmentation for card holder data environment (f476f3b0-4152-526e-a209-44e5f8c968d7)
add Policy Document protection of personal data in acquisition contracts (f9ec3263-9562-1768-65a1-729793635a8d)
add Policy Establish backup policies and procedures (4f23967c-a74b-9a09-9dc2-f566f61a87b9)
add Policy Review malware detections report weekly (4a6f5cbd-6c6b-006f-2bb1-091af1441bce)
add Policy Prevent split tunneling for remote devices (66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8)
add Policy Identify spilled information (69d90ee6-9f9f-262a-2038-d909fb4e5723)
add Policy Develop configuration item identification plan (836f8406-3b8a-11bb-12cb-6c7fa0765668)
add Policy Restrict access to private keys (8d140e8b-76c7-77de-1d46-ed1b2e112444)
add Policy Enforce mandatory and discretionary access control policies (b1666a13-8f67-9c47-155e-69e027ff6823)
add Policy Review and update planning policies and procedures (28aa060e-25c7-6121-05d8-a846f11433df)
add Policy Separately store backup information (fc26e2fd-3149-74b4-5988-d64bb90f8ef7)
add Policy Correlate audit records (10874318-0bf7-a41f-8463-03e395482080)
add Policy Establish security requirements for the manufacturing of connected devices (afbecd30-37ee-a27b-8e09-6ac49951a0ee)
add Policy Control maintenance and repair activities (b6ad009f-5c24-1dc0-a25e-74b60e4da45f)
add Policy Develop security safeguards (423f6d9c-0c73-9cc6-64f4-b52242490368)
add Policy Resume all mission and business functions (91a54089-2d69-0f56-62dc-b6371a1671c0)
add Policy Govern the allocation of resources (33d34fac-56a8-1c0f-0636-3ed94892a709)
add Policy Define acceptable and unacceptable mobile code technologies (1afada58-8b34-7ac2-a38a-983218635201)
add Policy Establish relationship between incident response capability and external providers (b470a37a-7a47-3792-34dd-7a793140702e)
add Policy Update rules of behavior and access agreements (6610f662-37e9-2f71-65be-502bdc2f554d)
add Policy Implement security engineering principles of information systems (df2e9507-169b-4114-3a52-877561ee3198)
add Policy Provide secure name and address resolution services (bbb2e6d6-085f-5a35-a55d-e45daad38933)
add Policy Review content prior to posting publicly accessible information (9e3c505e-7aeb-2096-3417-b132242731fc)
add Policy Use system clocks for audit records (1ee4c7eb-480a-0007-77ff-4ba370776266)
add Policy Manage gateways (63f63e71-6c3f-9add-4c43-64de23e554a7)
add Policy Perform threat modeling (bf883b14-9c19-0f37-8825-5e39a8b66d5b)
add Policy Protect passwords with encryption (b2d3e5a2-97ab-5497-565a-71172a729d93)
add Policy Use dedicated machines for administrative tasks (b8972f60-8d77-1cb8-686f-9c9f4cdd8a59)
add Policy Employ independent assessors for continuous monitoring (3baee3fd-30f5-882c-018c-cc78703a0106)
add Policy Ensure resources are authorized (0716f0f5-4955-2ccb-8d5e-c6be14d57c0f)
add Policy Notify users of system logon or access (fe2dff43-0a8c-95df-0432-cb1c794b17d0)
add Policy Prepare alternate processing site for use as operational site (0f31d98d-5ce2-705b-4aa5-b4f6705110dd)
add Policy Configure workstations to check for digital certificates (26daf649-22d1-97e9-2a8a-01b182194d59)
add Policy Provide security training for new users (1cb7bf71-841c-4741-438a-67c65fdd7194)
add Policy Document customer-defined actions (8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb)
add Policy Explicitly notify use of collaborative computing devices (62fa14f0-4cbe-762d-5469-0899a99b98aa)
add Policy Perform information input validation (8b1f29eb-1b22-4217-5337-9207cb55231e)
add Policy Review and update configuration management policies and procedures (eb8a8df9-521f-3ccd-7e2c-3d1fcc812340)
add Policy Conform to FICAM-issued profiles (a8df9c78-4044-98be-2c05-31a315ac8957)
add Policy Review and sign revised rules of behavior (6c0a312f-04c5-5c97-36a5-e56763a02b6b)
add Policy Display an explicit logout message (0471c6b7-1588-701c-2713-1fade73b75f6)
add Policy Verify security controls for external information systems (dc7ec756-221c-33c8-0afe-c48e10e42321)
add Policy Update interconnection security agreements (d48a6f19-a284-6fc6-0623-3367a74d3f50)
add Policy Update contingency plan (14a4fd0a-9100-1e12-1362-792014a28155)
add Policy Establish a password policy (d8bbd80e-3bb1-5983-06c2-428526ec6a63)
add Policy Document security assurance requirements in acquisition contracts (13efd2d7-3980-a2a4-39d0-527180c009e8)
add Policy Develop and maintain a vulnerability management standard (055da733-55c6-9e10-8194-c40731057ec4)
add Policy Authorize remote access to privileged commands (01c387ea-383d-4ca9-295a-977fab516b03)
add Policy Conduct risk assessment and distribute its results (d7c1ecc3-2980-a079-1569-91aec8ac4a77)
add Policy Route traffic through authenticated proxy network (d91558ce-5a5c-551b-8fbb-83f793255e09)
add Policy Implement security directives (26d178a4-9261-6f04-a100-47ed85314c6e)
add Policy Require compliance with intellectual property rights (725164e5-3b21-1ec2-7e42-14f077862841)
add Policy Incorporate flaw remediation into configuration management (34aac8b2-488a-2b96-7280-5b9b481a317a)
add Policy Employ automatic shutdown/restart when violations are detected (1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4)
add Policy Establish an information security program (84245967-7882-54f6-2d34-85059f725b47)
add Policy Implement formal sanctions process (5decc032-95bd-2163-9549-a41aba83228e)
add Policy Create alternative actions for identified anomalies (cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2)
add Policy Document organizational access agreements (c981fa70-2e58-8141-1457-e7f62ebc2ade)
add Policy Provide privacy training (518eafdd-08e5-37a9-795b-15a8d798056d)
add Policy Establish policies for supply chain risk management (9150259b-617b-596d-3bf5-5ca3fce20335)
add Policy Document security documentation requirements in acquisition contract (a465e8e9-0095-85cb-a05f-1dd4960d02af)
add Policy Manage a secure surveillance camera system (f2222056-062d-1060-6dc2-0107a68c34b2)
add Policy Develop and document a business continuity and disaster recovery plan (bd6cbcba-4a2d-507c-53e3-296b5c238a8e)
add Policy Correlate Vulnerability scan information (e3905a3c-97e7-0b4f-15fb-465c0927536f)
add Policy Employ FIPS 201-approved technology for PIV (8b333332-6efd-7c0d-5a9f-d1eb95105214)
add Policy Initiate transfer or reassignment actions (b8a9bb2f-7290-3259-85ce-dca7d521302d)
add Policy Undergo independent security review (9b55929b-0101-47c0-a16e-d6ac5c7d21f8)
add Policy Protect audit information (0e696f5a-451f-5c15-5532-044136538491)
add Policy Identify and manage downstream information exchanges (c7fddb0e-3f44-8635-2b35-dc6b8e740b7c)
add Policy Prohibit binary/machine-executable code (8e920169-739d-40b5-3f99-c4d855327bb2)
add Policy Define a physical key management process (51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7)
add Policy Develop contingency plan (aa305b4d-8c84-1754-0c74-dec004e66be0)
add Policy Provide audit review, analysis, and reporting capability (44f8a42d-739f-8030-89a8-4c2d5b3f6af3)
add Policy Document the information system environment in acquisition contracts (c148208b-1a6f-a4ac-7abc-23b1d41121b1)
add Policy Observe and report security weaknesses (ff136354-1c92-76dc-2dab-80fb7c6a9f1a)
add Policy Identify external service providers (46ab2c5e-6654-1f58-8c83-e97a44f39308)
add Policy Conduct a security impact analysis (203101f5-99a3-1491-1b56-acccd9b66a9e)
add Policy Establish a privacy program (39eb03c1-97cc-11ab-0960-6209ed2869f7)
add Policy Conduct exit interview upon termination (496b407d-9b9e-81e8-4ba4-44bc686b016a)
add Policy Categorize information (93fa357f-2e38-22a9-5138-8cc5124e1923)
add Policy Define requirements for managing assets (25a1f840-65d0-900a-43e4-bee253de04de)
add Policy Obtain design and implementation information for the security controls (22a02c9a-49e4-5dc9-0d14-eb35ad717154)
add Policy Employ flow control mechanisms of encrypted information (79365f13-8ba4-1f6c-2ac4-aa39929f56d0)
add Policy Conduct incident response testing (3545c827-26ee-282d-4629-23952a12008b)
add Policy Review audit data (6625638f-3ba1-7404-5983-0ea33d719d34)
add Policy Enforce a limit of consecutive failed login attempts (b4409bff-2287-8407-05fd-c73175a68302)
add Policy Identify classes of Incidents and Actions taken (23d1a569-2d1e-7f43-9e22-1f94115b7dd5)
add Policy Bind authenticators and identities dynamically (6f311b49-9b0d-8c67-3d6e-db80ae528173)
add Policy Include dynamic reconfig of customer deployed resources (1e0d5ba8-a433-01aa-829c-86b06c9631ec)
add Policy Execute actions in response to information spills (ba78efc6-795c-64f4-7a02-91effbd34af9)
add Policy Conduct capacity planning (33602e78-35e3-4f06-17fb-13dd887448e4)
add Policy Document security operations (2c6bee3a-2180-2430-440d-db3c7a849870)
add Policy Determine supplier contract obligations (67ada943-8539-083d-35d0-7af648974125)
add Policy Limit privileges to make changes in production environment (2af551d5-1775-326a-0589-590bfb7e9eb2)
add Policy Employ restrictions on external system interconnections (80029bc5-834f-3a9c-a2d8-acbc1aab4e9f)
add Policy Review and update information integrity policies and procedures (6bededc0-2985-54d5-4158-eb8bad8070a0)
add Policy Protect special information (a315c657-4a00-8eba-15ac-44692ad24423)
add Policy Conduct a full text analysis of logged privileged commands (8eea8c14-4d93-63a3-0c82-000343ee5204)
add Policy Document and implement wireless access guidelines (04b3e7f6-4841-888d-4799-cda19a0084f6)
add Policy Automate proposed documented changes (5c40f27b-6791-18c5-3f85-7b863bd99c11)
add Policy Employ automatic emergency lighting (aa892c0d-2c40-200c-0dd8-eac8c4748ede)
add Policy Document protection of security information in acquisition contracts (d78f95ba-870a-a500-6104-8a5ce2534f19)
add Policy Establish a secure software development program (e750ca06-1824-464a-2cf3-d0fa754d1cb4)
add Policy Define requirements for supplying goods and services (2b2f3a72-9e68-3993-2b69-13dcdecf8958)
add Policy Review user privileges (f96d2186-79df-262d-3f76-f371e3b71798)
add Policy Identify contaminated systems and components (279052a0-8238-694d-9661-bf649f951747)
add Policy Manage transfers between standby and active system components (df54d34f-65f3-39f1-103c-a0464b8615df)
add Policy Monitor account activity (7b28ba4f-0a87-46ac-62e1-46b7c09202a8)
add Policy Develop security assessment plan (1c258345-5cd4-30c8-9ef3-5ee4dd5231d6)
add Policy Block untrusted and unsigned processes that run from USB (3d399cf3-8fc6-0efc-6ab0-1412f1198517)
add Policy Identify incident response personnel (037c0089-6606-2dab-49ad-437005b5035f)
add Policy Update information security policies (5226dee6-3420-711b-4709-8e675ebd828f)
add Policy Retain terminated user data (7c7032fe-9ce6-9092-5890-87a1a3755db1)
add Policy Require interconnection security agreements (096a7055-30cb-2db4-3fda-41b20ac72667)
add Policy Define and document government oversight (cbfa1bd0-714d-8d6f-0480-2ad6a53972df)
add Policy Establish authenticator types and processes (921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0)
add Policy Develop access control policies and procedures (59f7feff-02aa-6539-2cf7-bea75b762140)
add Policy Reassign or remove user privileges as needed (7805a343-275c-41be-9d62-7215b96212d8)
add Policy Document separation of duties (e6f7b584-877a-0d69-77d4-ab8b923a9650)
add Policy Establish conditions for role membership (97cfd944-6f0c-7db2-3796-8e890ef70819)
add Policy Remediate information system flaws (be38a620-000b-21cf-3cb3-ea151b704c3b)
add Policy Conduct risk assessment and document its results (1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68)
add Policy Distribute authenticators (098dcde7-016a-06c3-0985-0daaf3301d3a)
add Policy Provide timely maintenance support (eb598832-4bcc-658d-4381-3ecbe17b9866)
add Policy Ensure alternate storage site safeguards are equivalent to primary site (178c8b7e-1b6e-4289-44dd-2f1526b678a1)
add Policy Develop and document a DDoS response plan (b7306e73-0494-83a2-31f5-280e934a8f70)
add Policy Monitor security and privacy training completion (82bd024a-5c99-05d6-96ff-01f539676a1a)
add Policy Implement transaction based recovery (ba02d0a0-566a-25dc-73f1-101c726a19c5)
add Policy Prohibit unfair practices (5fe84a4c-1b0c-a738-2aba-ed49c9069d3b)
add Policy Require approval for account creation (de770ba6-50dd-a316-2932-e0d972eaa734)
add Policy Integrate risk management process into SDLC (00f12b6f-10d7-8117-9577-0f2b76488385)
add Policy Evaluate alternate processing site capabilities (60442979-6333-85f0-84c5-b887bac67448)
add Policy Enforce and audit access restrictions (8cd815bf-97e1-5144-0735-11f6ddb50a59)
add Policy Establish terms and conditions for accessing resources (3c93dba1-84fd-57de-33c7-ef0400a08134)
add Policy Review access control policies and procedures (03d550b4-34ee-03f4-515f-f2e2faf7a413)
add Policy Require developers to provide training (676c3c35-3c36-612c-9523-36d266a65000)
add Policy Maintain integrity of audit system (c0559109-6a27-a217-6821-5a6d44f92897)
add Policy Maintain data breach records (0fd1ca29-677b-2f12-1879-639716459160)
add Policy Develop contingency planning policies and procedures (75b42dcf-7840-1271-260b-852273d7906e)
add Policy Review and update system and services acquisition policies and procedures (f49925aa-9b11-76ae-10e2-6e973cc60f37)
add Policy Obtain functional properties of security controls (44b71aa8-099d-8b97-1557-0e853ec38e0d)
add Policy Initiate contingency plan testing corrective actions (8bfdbaa6-6824-3fec-9b06-7961bf7389a6)
add Policy Review and update system maintenance policies and procedures (2067b904-9552-3259-0cdd-84468e284b7c)
add Policy Monitor access across the organization (48c816c5-2190-61fc-8806-25d6f3df162f)
add Policy Require developer to identify SDLC ports, protocols, and services (f6da5cca-5795-60ff-49e1-4972567815fe)
add Policy Manage maintenance personnel (b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d)
add Policy Require users to sign access agreement (3af53f59-979f-24a8-540f-d7cdbc366607)
add Policy Define and enforce inactivity log policy (2af4640d-11a6-a64b-5ceb-a468f4341c0c)
add Policy Review user groups and applications with access to sensitive data (eb1c944e-0e94-647b-9b7e-fdb8d2af0838)
add Policy Implement incident handling (433de59e-7a53-a766-02c2-f80f8421469a)
add Policy Satisfy token quality requirements (056a723b-4946-9d2a-5243-3aa27c4d31a1)
add Policy Maintain records of processing of personal data (92ede480-154e-0e22-4dca-8b46a74a3a51)
add Policy Check for privacy and security compliance before establishing internal connections (ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab)
add Policy Provide updated security awareness training (d136ae80-54dd-321c-98b4-17acf4af2169)
add Policy Provide role-based practical exercises (d041726f-00e0-41ca-368c-b1a122066482)
add Policy Maintain list of authorized remote maintenance personnel (4ce91e4e-6dab-3c46-011a-aa14ae1561bf)
add Policy Establish procedures for initial authenticator distribution (35963d41-4263-0ef9-98d5-70eb058f9e3c)
add Policy Authorize, monitor, and control usage of mobile code technologies (291f20d4-8d93-1d73-89f3-6ce28b825563)
add Policy Separate user and information system management functionality (8a703eb5-4e53-701b-67e4-05ba2f7930c8)
add Policy Employ boundary protection to isolate information systems (311802f9-098d-0659-245a-94c5d47c0182)
add Policy Perform a business impact assessment and application criticality assessment (cb8841d4-9d13-7292-1d06-ba4d68384681)
add Policy Enable detection of network devices (426c172c-9914-10d1-25dd-669641fc1af4)
add Policy Obscure feedback information during authentication process (1ff03f2a-974b-3272-34f2-f6cd51420b30)
add Policy Automate information sharing decisions (e54901fe-42c2-7f3b-3c5f-327aa5320a69)
add Policy Identify actions allowed without authentication (92a7591f-73b3-1173-a09c-a08882d84c70)
add Policy Implement privileged access for executing vulnerability scanning activities (5b802722-71dd-a13d-2e7e-231e09589efb)
add Policy Train personnel on disclosure of nonpublic information (97f0d974-1486-01e2-2088-b888f46c0589)
add Policy Manage nonlocal maintenance and diagnostic activities (1fb1cb0e-1936-6f32-42fd-89970b535855)
add Policy Retain training records (3153d9c0-2584-14d3-362d-578b01358aeb)
add Policy Ensure audit records are not altered (27ce30dd-3d56-8b54-6144-e26d9a37a541)
add Policy Reevaluate access upon personnel transfer (e89436d8-6a93-3b62-4444-1d2a42ad56b2)
add Policy Eradicate contaminated information (54a9c072-4a93-2a03-6a43-a060d30383d7)
add Policy Specify permitted actions associated with customer audit information (3eecf628-a1c8-1b48-1b5c-7ca781e97970)
add Policy Provide capability to disconnect or disable remote access (4edaca8c-0912-1ac5-9eaa-6a1057740fae)
add Policy Implement controls to secure alternate work sites (cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e)
add Policy Recover and reconstitute resources after any disruption (f33c3238-11d2-508c-877c-4262ec1132e1)
add Policy Determine assertion requirements (7a0ecd94-3699-5273-76a5-edb8499f655a)
add Policy Review and update physical and environmental policies and procedures (91cf132e-0c9f-37a8-a523-dc6a92cd2fb2)
add Policy Document requirements for the use of shared data in contracts (0ba211ef-0e85-2a45-17fc-401d1b3f8f85)
add Policy Alert personnel of information spillage (9622aaa9-5c49-40e2-5bf8-660b7cd23deb)
add Policy Conduct Risk Assessment (677e1da4-00c3-287a-563d-f4a1cf9b99a0)
add Policy Enable dual or joint authorization (2c843d78-8f64-92b5-6a9b-e8186c0e7eb6)
add Policy Align business objectives and IT goals (ab02bb73-4ce1-89dd-3905-d93042809ba0)
add Policy Ensure information system fails in known state (12af7c7a-92af-9e96-0d0c-5e732d1a3751)
add Policy Develop a concept of operations (CONOPS) (e7422f08-65b4-50e4-3779-d793156e0079)
add Policy Perform audit for configuration change control (1282809c-9001-176b-4a81-260a085f4872)
add Policy Communicate contingency plan changes (a1334a65-2622-28ee-5067-9d7f5b915cc5)
add Policy Restrict location of information processing, storage and services (0040d2e5-2779-170d-6a2c-1f5fca353335)
add Policy Enforce appropriate usage of all accounts (fd81a1b3-2d7a-107c-507e-29b87d040c19)
add Policy Obtain approvals for acquisitions and outsourcing (92b94485-1c49-3350-9ada-dffe94f08e87)
add Policy Define and enforce the limit of concurrent sessions (d8350d4c-9314-400b-288f-20ddfce04fbd)
add Policy Implement Incident handling capability (98e33927-8d7f-6d5f-44f5-2469b40b7215)
add Policy Use automated mechanisms for security alerts (b8689b2e-4308-a58b-a0b4-6f3343a000df)
add Policy Establish usage restrictions for mobile code technologies (ffdaa742-0d6f-726f-3eac-6e6c34e36c93)
add Policy Protect incident response plan (2401b496-7f23-79b2-9f80-89bb5abf3d4a)
add Policy Develop information security policies and procedures (af227964-5b8b-22a2-9364-06d2cb9d6d7c)
add Policy Review role group changes weekly (70fe686f-1f91-7dab-11bf-bca4201e183b)
add Policy Compile Audit records into system wide audit (214ea241-010d-8926-44cc-b90a96d52adc)
add Policy Maintain incident response plan (37546841-8ea1-5be0-214d-8ac599588332)
add Policy Provide role-based security training (4c385143-09fd-3a34-790c-a5fd9ec77ddc)
add Policy Define and enforce conditions for shared and group accounts (f7eb1d0b-6d4f-2d59-1591-7563e11a9313)
add Policy Automate flaw remediation (a90c4d44-7fac-8e02-6d5b-0d92046b20e6)
add Policy Incorporate simulated contingency training (9c954fcf-6dd8-81f1-41b5-832ae5c62caf)
add Policy Review and update the information security architecture (ced291b8-1d3d-7e27-40cf-829e9dd523c8)
add Policy Accept assessment results (3054c74b-9b45-2581-56cf-053a1a716c39)
add Policy Automate approval request for proposed changes (575ed5e8-4c29-99d0-0e4d-689fb1d29827)
add Policy Document acquisition contract acceptance criteria (0803eaa7-671c-08a7-52fd-ac419f775e75)
add Policy Identify and authenticate network devices (ae5345d5-8dab-086a-7290-db43a3272198)
add Policy Establish requirements for internet service providers (5f2e834d-7e40-a4d5-a216-e49b16955ccf)
add Policy Restrict access to privileged accounts (873895e8-0e3a-6492-42e9-22cd030e9fcd)
add Policy Separate duties of individuals (60ee1260-97f0-61bb-8155-5d8b75743655)
add Policy Deliver security assessment results (8e49107c-3338-40d1-02aa-d524178a2afe)
add Policy Implement cryptographic mechanisms (10c3a1b1-29b0-a2d5-8f4c-a284b0f07830)
add Policy Configure Azure Audit capabilities (a3e98638-51d4-4e28-910a-60e98c1a756f)
add Policy Create configuration plan protection (874a6f2e-2098-53bc-3a16-20dcdc425a7e)
add Policy Review account provisioning logs (a830fe9e-08c9-a4fb-420c-6f6bf1702395)
add Policy Configure actions for noncompliant devices (b53aa659-513e-032c-52e6-1ce0ba46582f)
add Policy Protect data in transit using encryption (b11697e8-9515-16f1-7a35-477d5c8a1344)
add Policy Plan for resumption of essential business functions (7ded6497-815d-6506-242b-e043e0273928)
add Policy Employ a media sanitization mechanism (eaaae23f-92c9-4460-51cf-913feaea4d52)
add Policy Review exploit protection events (a30bd8e9-7064-312a-0e1f-e1b485d59f6e)
add Policy Develop business classification schemes (11ba0508-58a8-44de-5f3a-9e05d80571da)
add Policy Incorporate simulated events into incident response training (1fdeb7c4-4c93-8271-a135-17ebe85f1cc7)
add Policy Govern and monitor audit processing activities (333b4ada-4a02-0648-3d4d-d812974f1bb2)
add Policy Use privileged identity management (e714b481-8fac-64a2-14a9-6f079b2501a4)
add Policy Ensure cryptographic mechanisms are under configuration management (b8dad106-6444-5f55-307e-1e1cc9723e39)
add Policy Employ least privilege access (1bc7fd64-291f-028e-4ed6-6e07886e163f)
add Policy Update POA&M items (cc057769-01d9-95ad-a36f-1e62a7f9540b)
add Policy Restrict media use (6122970b-8d4a-7811-0278-4c6c68f61e4f)
add Policy Enforce expiration of cached authenticators (c7e8ddc1-14aa-1814-7fe1-aad1742b27da)
add Policy Implement a fault tolerant name/address service (ced727b3-005e-3c5b-5cd5-230b79d56ee8)
add Policy Ensure external providers consistently meet interests of the customers (3eabed6d-1912-2d3c-858b-f438d08d0412)
add Policy Establish and maintain an asset inventory (27965e62-141f-8cca-426f-d09514ee5216)
add Policy Establish electronic signature and certificate requirements (6f3866e8-6e12-69cf-788c-809d426094a1)
add Policy Secure commitment from leadership (70057208-70cc-7b31-3c3a-121af6bc1966)
add Policy Provide the capability to extend or limit auditing on customer-deployed resources (d200f199-69f4-95a6-90b0-37ff0cf1040c)
add Policy Review cloud identity report overview (8aec4343-9153-9641-172c-defb201f56b3)
add Policy Employ independent team for penetration testing (611ebc63-8600-50b6-a0e3-fef272457132)
add Policy Update organizational access agreements (e21f91d1-2803-0282-5f2d-26ebc4b170ef)
add Policy Accept PIV credentials (55be3260-a7a2-3c06-7fe6-072d07525ab7)
add Policy Update rules of behavior and access agreements every 3 years (7ad83b58-2042-085d-08f0-13e946f26f89)
add Policy Develop audit and accountability policies and procedures (a28323fe-276d-3787-32d2-cef6395764c4)
add Policy Produce, control and distribute asymmetric cryptographic keys (de077e7e-0cc8-65a6-6e08-9ab46c827b05)
add Policy Provide security training before providing access (2b05dca2-25ec-9335-495c-29155f785082)
add Policy Invalidate session identifiers at logout (396f465d-375e-57de-58ba-021adb008191)
add Policy Identify and authenticate non-organizational users (e1379836-3492-6395-451d-2f5062e14136)
add Policy Run simulation attacks (a8f9c283-9a66-3eb3-9e10-bdba95b85884)
add Policy Ensure security safeguards not needed when the individuals return (1fdf0b24-4043-3c55-357e-036985d50b52)
add Policy Integrate cloud app security with a siem (9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9)
add Policy Assign risk designations (b7897ddc-9716-2460-96f7-7757ad038cc4)
add Policy Develop POA&M (477bd136-7dd9-55f8-48ac-bae096b86a07)
add Policy Employ FICAM-approved resources to accept third-party credentials (db8b35d6-8adb-3f51-44ff-c648ab5b1530)
add Policy Provide real-time alerts for audit event failures (0f4fa857-079d-9d3d-5c49-21f616189e03)
add Policy Require external service providers to comply with security requirements (4e45863d-9ea9-32b4-a204-2680bc6007a6)
add Policy Review and update the events defined in AU-02 (a930f477-9dcb-2113-8aa7-45bb6fc90861)
add Policy Employ independent assessors to conduct security control assessments (b65c5d8e-9043-9612-2c17-65f231d763bb)
add Policy Disable user accounts posing a significant risk (22c16ae4-19d0-29cb-422f-cb44061180ee)
add Policy Test contingency plan at an alternate processing location (ba99d512-3baa-1c38-8b0b-ae16bbd34274)
add Policy Document remote access guidelines (3d492600-27ba-62cc-a1c3-66eb919f6a0d)
add Policy Isolate SecurID systems, Security Incident Management systems (dd6d00a8-701a-5935-a22b-c7b9c0c698b2)
add Policy Designate authorized personnel to post publicly accessible information (b4512986-80f5-1656-0c58-08866bd2673a)
add Policy Ensure authorized users protect provided authenticators (37dbe3dc-0e9c-24fa-36f2-11197cbfa207)
add Policy Implement personnel screening (e0c480bf-0d68-a42d-4cbb-b60f851f8716)
add Policy Enforce security configuration settings (058e9719-1ff9-3653-4230-23f76b6492e0)
add Policy Require third-party providers to comply with personnel security policies and procedures (e8c31e15-642d-600f-78ab-bad47a5787e6)
add Policy Manage symmetric cryptographic keys (9c276cf3-596f-581a-7fbd-f5e46edaa0f4)
add Policy Automate account management (2cc9c165-46bd-9762-5739-d2aae5ba90a1)
add Policy Support personal verification credentials issued by legal authorities (1d39b5d9-0392-8954-8359-575ce1957d1a)
add Policy Review and update media protection policies and procedures (b4e19d22-8c0e-7cad-3219-c84c62dc250f)
add Policy Reissue authenticators for changed groups and accounts (2f204e72-1896-3bf8-75c9-9128b8683a36)
add Policy Develop SSP that meets criteria (6b957f60-54cd-5752-44d5-ff5a64366c93)
add Policy Produce Security Assessment report (70a7a065-a060-85f8-7863-eb7850ed2af9)
add Policy Adhere to retention periods defined (1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1)
add Policy Employ automated training environment (c8aa992d-76b7-7ca0-07b3-31a58d773fa9)
add Policy Establish alternate storage site to store and retrieve backup information (0a412110-3874-9f22-187a-c7a81c8a6704)
add Policy Implement managed interface for each external service (b262e1dd-08e9-41d4-963a-258909ad794b)
add Policy Require developers to document approved changes and potential impact (3a868d0c-538f-968b-0191-bddb44da5b75)
add Policy Notify personnel upon sanctions (6228396e-2ace-7ca5-3247-45767dbf52f4)
add Policy Clear personnel with access to classified information (c42f19c9-5d88-92da-0742-371a0ea03126)
add Policy Document access privileges (a08b18c7-9e0a-89f1-3696-d80902196719)
add Policy Modify access authorizations upon personnel transfer (979ed3b6-83f9-26bc-4b86-5b05464700bf)
add Policy Update the security authorization (449ebb52-945b-36e5-3446-af6f33770f8f)
add Policy Prohibit remote activation of collaborative computing devices (678ca228-042d-6d8e-a598-c58d5670437d)
add Policy Document security functional requirements in acquisition contracts (57927290-8000-59bf-3776-90c468ac5b4b)
add Policy Establish parameters for searching secret authenticators and verifiers (0065241c-72e9-3b2c-556f-75de66332a94)
add Policy Coordinate contingency plans with related plans (c5784049-959f-6067-420c-f4cefae93076)
add Policy View and investigate restricted users (98145a9b-428a-7e81-9d14-ebb154a24f93)
add Policy Analyse data obtained from continuous monitoring (6a379d74-903b-244a-4c44-838728bea6b0)
add Policy Automate process to document implemented changes (43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8)
add Policy Govern compliance of cloud service providers (5c33538e-02f8-0a7f-998b-a4c1e22076d3)
add Policy Review changes for any unauthorized changes (c246d146-82b0-301f-32e7-1065dcd248b7)
add Policy Review contingency plan (53fc1282-0ee3-2764-1319-e20143bb0ea5)
add Policy Review and update risk assessment policies and procedures (20012034-96f0-85c2-4a86-1ae1eb457802)
add Policy Refresh authenticators (3ae68d9a-5696-8c32-62d3-c6f9c52e437c)
add Policy Manage the transportation of assets (4ac81669-00e2-9790-8648-71bc11bc91eb)
add Policy Coordinate with external organizations to achieve cross org perspective (d4e6a629-28eb-79a9-000b-88030e4823ca)
add Policy Design an access control model (03b6427e-6072-4226-4bd9-a410ab65317e)
add Policy Turn on sensors for endpoint security solution (5fc24b95-53f7-0ed1-2330-701b539b97fe)
add Policy Establish and document a configuration management plan (526ed90e-890f-69e7-0386-ba5c0f1f784f)
add Policy Review publicly accessible content for nonpublic information (b5244f81-6cab-3188-2412-179162294996)
add Policy Enforce random unique session identifiers (c7d57a6a-7cc2-66c0-299f-83bf90558f5d)
add Policy Establish firewall and router configuration standards (398fdbd8-56fd-274d-35c6-fa2d3b2755a1)
add Policy Rescreen individuals at a defined frequency (c6aeb800-0b19-944d-92dc-59b893722329)
add Policy Retain security policies and procedures (efef28d0-3226-966a-a1e8-70e89c1b30bc)
add Policy Terminate user session automatically (4502e506-5f35-0df4-684f-b326e3cc7093)
add Policy Measure the time between flaw identification and flaw remediation (dad1887d-161b-7b61-2e4d-5124a7b5724e)
add Policy Require developers to produce evidence of security assessment plan execution (f8a63511-66f1-503f-196d-d6217ee0823a)
add Policy Provide periodic role-based security training (9ac8621d-9acd-55bf-9f99-ee4212cc3d85)
add Policy Maintain separate execution domains for running processes (bfc540fe-376c-2eef-4355-121312fa4437)
add Policy Discover any indicators of compromise (07b42fb5-027e-5a3c-4915-9d9ef3020ec7)
add Policy Reauthenticate or terminate a user session (d6653f89-7cb5-24a4-9d71-51581038231b)
add Policy Manage the input, output, processing, and storage of data (e603da3a-8af7-4f8a-94cb-1bcc0e0333d2)
add Policy Determine auditable events (2f67e567-03db-9d1f-67dc-b6ffb91312f4)
add Policy Perform a privacy impact assessment (d18af1ac-0086-4762-6dc8-87cdded90e39)
add Policy Authorize, monitor, and control voip (e4e1f896-8a93-1151-43c7-0ad23b081ee2)
add Policy Establish configuration management requirements for developers (8747b573-8294-86a0-8914-49e9b06a5ace)
add Policy Detect network services that have not been authorized or approved (86ecd378-a3a0-5d5b-207c-05e6aaca43fc)
add Policy Require developers to implement only approved changes (085467a6-9679-5c65-584a-f55acefd0d43)
add Policy Review the results of contingency plan testing (5d3abfea-a130-1208-29c0-e57de80aa6b0)
add Policy Require developers to manage change integrity (b33d61c1-7463-7025-0ec0-a47585b59147)
add Policy Provide the logout capability (db580551-0b3c-4ea1-8a4c-4cdb5feb340f)
add Policy Distribute information system documentation (84a01872-5318-049e-061e-d56734183e84)
add Policy Adopt biometric authentication mechanisms (7d7a8356-5c34-9a95-3118-1424cfaf192a)
add Policy Restrict use of open source software (08c11b48-8745-034d-1c1b-a144feec73b9)
add Policy Implement training for protecting authenticators (e4b00788-7e1c-33ec-0418-d048508e095b)
add Policy Review controlled folder access events (f48b60c6-4b37-332f-7288-b6ea50d300eb)
add Policy Define organizational requirements for cryptographic key management (d661e9eb-4e15-5ba1-6f02-cdc467db0d6c)
add Policy Implement a penetration testing methodology (c2eabc28-1e5c-78a2-a712-7cc176c44c07)
add Policy Allocate resources in determining information system requirements (90a156a6-49ed-18d1-1052-69aac27c05cd)
add Policy Establish a configuration control board (7380631c-5bf5-0e3a-4509-0873becd8a63)
add Policy Conduct backup of information system documentation (b269a749-705e-8bff-055a-147744675cdf)
add Policy Automate remote maintenance activities (b8587fce-138f-86e8-33a3-c60768bf1da6)
add Policy Provide capability to process customer-controlled audit records (21633c09-804e-7fcd-78e3-635c6bfe2be7)
add Policy Develop and document application security requirements (6de65dc4-8b4f-34b7-9290-eb137a2e2929)
add Policy Provide monitoring information as needed (7fc1f0da-0050-19bb-3d75-81ae15940df6)
add Policy Assess risk in third party relationships (0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08)
add Policy Provide role-based training on suspicious activities (f6794ab8-9a7d-3b24-76ab-265d3646232b)
add Policy View and configure system diagnostic data (0123edae-3567-a05a-9b05-b53ebe9d3e7e)
add Policy Transfer backup information to an alternate storage site (7bdb79ea-16b8-453e-4ca4-ad5b16012414)
add Policy Review and update contingency planning policies and procedures (e9c60c37-65b0-2d72-6c3c-af66036203ae)
add Policy Review user accounts (79f081c7-1634-01a1-708e-376197999289)
add Policy Disseminate security alerts to personnel (9c93ef57-7000-63fb-9b74-88f2e17ca5d2)
add Policy Obtain continuous monitoring plan for security controls (ca6d7878-3189-1833-4620-6c7254ed1607)
add Policy Verify software, firmware and information integrity (db28735f-518f-870e-15b4-49623cbe3aa0)
Version change: '16.0.1' to '17.0.0'
remove Policy Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection (a2cdf6b8-9505-4619-b579-309ba72037ac)
remove Policy Microsoft Managed Control 1193 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (f5fd629f-3075-4cae-ab53-bad65495a4ac)
remove Policy Microsoft Managed Control 1209 - Configuration Settings (ce669c31-9103-4552-ae9c-cdef4e03580d)
remove Policy Microsoft Managed Control 1487 - Alternate Work Site (e9c3371d-c30c-4f58-abd9-30b8a8199571)
remove Policy Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service (dc43e829-3d50-4a0a-aa0f-428d551862aa)
remove Policy Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System (a2567a23-d1c3-4783-99f3-d471302a4d6b)
remove Policy Microsoft Managed Control 1544 - Risk Assessment (43ced7c9-cd53-456b-b0da-2522649a4271)
remove Policy Microsoft Managed Control 1162 - Continuous Monitoring (5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592)
remove Policy Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans (dd280d4b-50a1-42fb-a479-ece5878acf19)
remove Policy Microsoft Managed Control 1160 - Security Authorization (3e797ca6-2aa8-4333-b335-7036f1110c05)
remove Policy Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays (7582b19c-9dba-438e-aed8-ede59ac35ba3)
remove Policy Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures (2006457a-48b3-4f7b-8d2e-1532287f9929)
remove Policy Microsoft Managed Control 1560 - System And Services Acquisition Policy And Procedures (e29e0915-5c2f-4d09-8806-048b749ad763)
remove Policy Microsoft Managed Control 1009 - Account Management (b26f8610-e615-47c2-abd6-c00b2b0b503a)
remove Policy Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification (0004bbf0-5099-4179-869e-e9ffe5fb0945)
remove Policy Microsoft Managed Control 1161 - Continuous Monitoring (e2f8f6c6-dde4-436b-a79d-bc50e129eb3a)
remove Policy Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates (63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc)
remove Policy Microsoft Managed Control 1262 - Contingency Plan Testing (831e510e-db41-4c72-888e-a0621ab62265)
remove Policy Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period (93fd8af1-c161-4bae-9ba9-f62731f76439)
remove Policy Microsoft Managed Control 1422 - Maintenance Personnel (ea556850-838d-4a37-8ce5-9d7642f95e11)
remove Policy Microsoft Managed Control 1587 - External Information System Services (32820956-9c6d-4376-934c-05cd8525be7c)
remove Policy Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance (8d096fe0-f510-4486-8b4d-d17dc230980b)
remove Policy Microsoft Managed Control 1425 - Timely Maintenance (5983d99c-f39b-4c32-a3dc-170f19f6941b)
remove Policy Microsoft Managed Control 1679 - Malicious Code Protection (2cf42a28-193e-41c5-98df-7688e7ef0a88)
remove Policy Microsoft Managed Control 1636 - Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components (7b694eed-7081-43c6-867c-41c76c961043)
remove Policy Microsoft Managed Control 1027 - Access Enforcement (a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c)
remove Policy Microsoft Managed Control 1669 - Flaw Remediation (48f2f62b-5743-4415-a143-288adc0e078d)
remove Policy Microsoft Managed Control 1619 - Information In Shared Resources (c722e569-cb52-45f3-a643-836547d016e1)
remove Policy Microsoft Managed Control 1454 - Physical Access Control (ad58985d-ab32-4f99-8bd3-b7e134c90229)
remove Policy Microsoft Managed Control 1418 - Remote Maintenance | Comparable Security / Sanitization (28e633fd-284e-4ea7-88b4-02ca157ed713)
remove Policy Microsoft Managed Control 1139 - Audit Generation (4ed62522-de00-4dda-9810-5205733d2f34)
remove Policy Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal (ff9fbd83-1d8d-4b41-aac2-94cb44b33976)
remove Policy Microsoft Managed Control 1306 - User Identification And Authentication | Network Access To Privileged Accounts - Replay... (cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff)
remove Policy Microsoft Managed Control 1003 - Account Management (3b68b179-3704-4ff7-b51d-7d65374d165d)
remove Policy Microsoft Managed Control 1499 - Rules Of Behavior (e59671ab-9720-4ee2-9c60-170e8c82251e)
remove Policy Microsoft Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access To Information Systems (e6e41554-86b5-4537-9f7f-4fc41a1d1640)
remove Policy Microsoft Managed Control 1072 - Wireless Access Restrictions | Antennas / Transmission Power Levels (1ca29e41-34ec-4e70-aba9-6248aca18c31)
remove Policy Microsoft Managed Control 1542 - Risk Assessment (eab340d0-3d55-4826-a0e5-feebfeb0131d)
remove Policy Microsoft Managed Control 1683 - Information System Monitoring (8c79fee4-88dd-44ce-bbd4-4de88948c4f8)
remove Policy Microsoft Managed Control 1267 - Alternate Storage Site (4e97ba1d-be5d-4953-8da4-0cccf28f4805)
remove Policy Microsoft Managed Control 1298 - Identification And Authentication Policy And Procedures (1dc784b5-4895-4d27-9d40-a06b032bd1ee)
remove Policy Microsoft Managed Control 1451 - Physical Access Control (e3f1e5a3-25c1-4476-8cb6-3955031f8e65)
remove Policy Microsoft Managed Control 1135 - Non-Repudiation (9c308b6b-2429-4b97-86cf-081b8e737b04)
remove Policy Microsoft Managed Control 1486 - Alternate Work Site (cb790345-a51f-43de-934e-98dbfaf9dca5)
remove Policy Microsoft Managed Control 1480 - Temperature And Humidity Controls (18a767cc-1947-4338-a240-bc058c81164f)
remove Policy Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption (4708723f-e099-4af1-bbf9-b6df7642e444)
remove Policy Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures (cf3b3293-667a-445e-a722-fa0b0afc0958)
remove Policy Microsoft Managed Control 1670 - Flaw Remediation (c6108469-57ee-4666-af7e-79ba61c7ae0c)
remove Policy Microsoft Managed Control 1038 - Least Privilege | Privileged Accounts (26692e88-71b7-4a5f-a8ac-9f31dd05bd8e)
remove Policy Microsoft Managed Control 1654 - Voice Over Internet Protocol (0a2ee16e-ab1f-414a-800b-d1608835862b)
remove Policy Microsoft Managed Control 1650 - Public Key Infrastructure Certificates (201d3740-bd16-4baf-b4b8-7cda352228b7)
remove Policy Microsoft Managed Control 1312 - Identifier Management (4d6a5968-9eef-4c18-8534-376790ab7274)
remove Policy Microsoft Managed Control 1136 - Audit Record Retention (97ed5bac-a92f-4f6d-a8ed-dc094723597c)
remove Policy Microsoft Managed Control 1247 - Contingency Plan (4e666db5-b2ef-4b06-aac6-09bfce49151b)
remove Policy Microsoft Managed Control 1290 - Information System Backup (92f85ce9-17b7-49ea-85ee-ea7271ea6b82)
remove Policy Microsoft Managed Control 1456 - Physical Access Control (733ba9e3-9e7c-440a-a7aa-6196a90a2870)
remove Policy Microsoft Managed Control 1547 - Vulnerability Scanning (58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52)
remove Policy Microsoft Managed Control 1527 - Access Agreements (2823de66-332f-4bfd-94a3-3eb036cd3b67)
remove Policy Microsoft Managed Control 1677 - Malicious Code Protection (4a248e1e-040f-43e5-bff2-afc3a57a3923)
remove Policy Microsoft Managed Control 1216 - Least Functionality | Periodic Review (7894fe6a-f5cb-44c8-ba90-c3f254ff9484)
remove Policy Microsoft Managed Control 1648 - Collaborative Computing Devices (3a9eb14b-495a-4ebb-933c-ce4ef5264e32)
remove Policy Microsoft Managed Control 1089 - Security Awareness (ef080e67-0d1a-4f76-a0c5-fb9b0358485e)
remove Policy Microsoft Managed Control 1714 - Software & Information Integrity | Automated Notifications Of Integrity Violations (e12494fa-b81e-4080-af71-7dbacc2da0ec)
remove Policy Microsoft Managed Control 1060 - Remote Access (34a987fd-2003-45de-a120-014956581f2b)
remove Policy Microsoft Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time Source (fd7c4c1d-51ee-4349-9dab-89a7f8c8d102)
remove Policy Microsoft Managed Control 1317 - Authenticator Management (8877f519-c166-47b7-81b7-8a8eb4ff3775)
remove Policy Microsoft Managed Control 1231 - Configuration Management Plan (244e0c05-cc45-4fe7-bf36-42dcf01f457d)
remove Policy Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals (55419419-c597-4cd4-b51e-009fd2266783)
remove Policy Microsoft Managed Control 1524 - Personnel Transfer (72f1cb4e-2439-4fe8-88ea-b8671ce3c268)
remove Policy Microsoft Managed Control 1460 - Access Control For Output Devices (6f3ce1bb-4f77-4695-8355-70b08d54fdda)
remove Policy Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site (19b9439d-865d-4474-b17d-97d2702fdb66)
remove Policy Microsoft Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic Code Analysis (976a74cf-b192-4d35-8cab-2068f272addb)
remove Policy Microsoft Managed Control 1562 - Allocation Of Resources (d4142013-7964-4163-a313-a900301c2cef)
remove Policy Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use (85c32733-7d23-4948-88da-058e2c56b60f)
remove Policy Microsoft Managed Control 1033 - Separation Of Duties (48540f01-fc11-411a-b160-42807c68896e)
remove Policy Microsoft Managed Control 1125 - Audit Reduction And Report Generation (c6ce745a-670e-47d3-a6c4-3cfe5ef00c10)
remove Policy Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection (62b638c5-29d7-404b-8d93-f21e4b1ce198)
remove Policy Microsoft Managed Control 1432 - Media Storage (1140e542-b80d-4048-af45-3f7245be274b)
remove Policy Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information (87f7cd82-2e45-4d0f-9e2f-586b0962d142)
remove Policy Microsoft Managed Control 1725 - Error Handling (afc234b5-456b-4aa5-b3e2-ce89108124cc)
remove Policy Microsoft Managed Control 1651 - Mobile Code (6db63528-c9ba-491c-8a80-83e1e6977a50)
remove Policy Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software (e80b6812-0bfa-4383-8223-cdd86a46a890)
remove Policy Microsoft Managed Control 1684 - Information System Monitoring (16bfdb59-db38-47a5-88a9-2e9371a638cf)
remove Policy Microsoft Managed Control 1258 - Contingency Training (7814506c-382c-4d33-a142-249dd4a0dbff)
remove Policy Microsoft Managed Control 1325 - Authenticator Management (1845796a-7581-49b2-ae20-443121538e19)
remove Policy Microsoft Managed Control 1703 - Security Alerts & Advisories (804faf7d-b687-40f7-9f74-79e28adf4205)
remove Policy Microsoft Managed Control 1572 - Acquisitions Process (04f5fb00-80bb-48a9-a75b-4cb4d4c97c36)
remove Policy Microsoft Managed Control 1578 - Acquisitions Process | Functions / Ports / Protocols / Services In Use (45b7b644-5f91-498e-9d89-7402532d3645)
remove Policy Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts (544a208a-9c3f-40bc-b1d1-d7e144495c14)
remove Policy Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification (56d970ee-4efc-49c8-8a4e-5916940d784c)
remove Policy Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site (a18adb5b-1db6-4a5b-901a-7d3797d12972)
remove Policy Microsoft Managed Control 1613 - Developer Security Architecture And Design (fe2ad78b-8748-4bff-a924-f74dfca93f30)
remove Policy Microsoft Managed Control 1523 - Personnel Transfer (5577a310-2551-49c8-803b-36e0d5e55601)
remove Policy Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access (eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb)
remove Policy Microsoft Managed Control 1194 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (bc34667f-397e-4a65-9b72-d0358f0b6b09)
remove Policy Microsoft Managed Control 1094 - Role-Based Security Training (4b1853e0-8973-446b-b567-09d901d31a09)
remove Policy Microsoft Managed Control 1151 - System Interconnections (347e3b69-7fb7-47df-a8ef-71a1a7b44bca)
remove Policy Microsoft Managed Control 1479 - Fire Protection | Automatic Fire Suppression (e327b072-281d-4f75-9c28-4216e5d72f26)
remove Policy Microsoft Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level Adjustment (03996055-37a4-45a5-8b70-3f1caa45f87d)
remove Policy Microsoft Managed Control 1235 - Software Usage Restrictions (c49c610b-ece4-44b3-988c-2172b70d6e46)
remove Policy Microsoft Managed Control 1304 - User Identification And Authentication | Local Access To Non-Privileged Accounts (6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b)
remove Policy Microsoft Managed Control 1310 - Device Identification And Authentication (450d7ede-823d-4931-a99d-57f6a38807dc)
remove Policy Microsoft Managed Control 1503 - Information Security Architecture (c1fa9c2f-d439-4ab9-8b83-81fb1934f81d)
remove Policy Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use (8e5ef485-9e16-4c53-a475-fbb8107eac59)
remove Policy Microsoft Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration (7fbfe680-6dbb-4037-963c-a621c5635902)
remove Policy Microsoft Managed Control 1637 - Boundary Protection | Fail Secure (4075bedc-c62a-4635-bede-a01be89807f3)
remove Policy Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals (6fdefbf4-93e7-4513-bc95-c1858b7093e0)
remove Policy Microsoft Managed Control 1111 - Response To Audit Processing Failures (21de687c-f15e-4e51-bf8d-f35c8619965b)
remove Policy Microsoft Managed Control 1439 - Media Sanitization And Disposal (dce72873-c5f1-47c3-9b4f-6b8207fd5a45)
remove Policy Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery (e57b98a0-a011-4956-a79d-5d17ed8b8e48)
remove Policy Microsoft Managed Control 1680 - Malicious Code Protection | Central Management (399cd6ee-0e18-41db-9dea-cde3bd712f38)
remove Policy Microsoft Managed Control 1586 - External Information System Services (6e3b2fbd-8f37-4766-a64d-3f37703dcb51)
remove Policy Microsoft Managed Control 1626 - Boundary Protection | External Telecommunications Services (e8f6bddd-6d67-439a-88d4-c5fe39a79341)
remove Policy Microsoft Managed Control 1044 - Unsuccessful Logon Attempts (0abbac52-57cf-450d-8408-1208d0dd9e90)
remove Policy Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities (435b2547-6374-4f87-b42d-6e8dbe6ae62a)
remove Policy Microsoft Managed Control 1489 - Location Of Information System Components (9d0a794f-1444-4c96-9534-e35fc8c39c91)
remove Policy Microsoft Managed Control 1268 - Alternate Storage Site (23f6e984-3053-4dfc-ab48-543b764781f5)
remove Policy Microsoft Managed Control 1353 - Incident Response Training (c785ad59-f78f-44ad-9a7f-d1202318c748)
remove Policy Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling (d03516cf-0293-489f-9b32-a18f2a79f836)
remove Policy Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands (fa4c2a3d-1294-41a3-9ada-0e540471e9fb)
remove Policy Microsoft Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal (d1880188-e51a-4772-b2ab-68f5e8bd27f6)
remove Policy Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies (426c4ac9-ff17-49d0-acd7-a13c157081c0)
remove Policy Microsoft Managed Control 1046 - Unsuccessful Logon Attempts | Purge / Wipe Mobile Device (0b1aa965-7502-41f9-92be-3e2fe7cc392a)
remove Policy Microsoft Managed Control 1723 - Information Input Validation (e91927a0-ac1d-44a0-95f8-5185f9dfce9f)
remove Policy Microsoft Managed Control 1008 - Account Management (8356cfc6-507a-4d20-b818-08038011cd07)
remove Policy Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified (43684572-e4f1-4642-af35-6b933bc506da)
remove Policy Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk (31b752c1-05a9-432a-8fce-c39b56550119)
remove Policy Microsoft Managed Control 1400 - Controlled Maintenance (a96d5098-a604-4cdf-90b1-ef6449a27424)
remove Policy Microsoft Managed Control 1085 - Publicly Accessible Content (13d117e0-38b0-4bbb-aaab-563be5dd10ba)
remove Policy Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions (fa108498-b3a8-4ffb-9e79-1107e76afad3)
remove Policy Microsoft Managed Control 1188 - Configuration Change Control (bb20548a-c926-4e4d-855c-bcddc6faf95e)
remove Policy Microsoft Managed Control 1567 - System Development Life Cycle (e72edbf6-aa61-436d-a227-0f32b77194b3)
remove Policy Microsoft Managed Control 1025 - Account Management | Account Monitoring / Atypical Usage (adfe020d-0a97-45f4-a39c-696ef99f3a95)
remove Policy Microsoft Managed Control 1453 - Physical Access Control (9693b564-3008-42bc-9d5d-9c7fe198c011)
remove Policy Microsoft Managed Control 1635 - Boundary Protection | Host-Based Protection (87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e)
remove Policy Microsoft Managed Control 1034 - Least Privilege (02a5ed00-6d2e-4e97-9a98-46c32c057329)
remove Policy Microsoft Managed Control 1100 - Audit And Accountability Policy And Procedures (4057863c-ca7d-47eb-b1e0-503580cba8a4)
remove Policy Microsoft Managed Control 1565 - System Development Life Cycle (45ce2396-5c76-4654-9737-f8792ab3d26b)
remove Policy Microsoft Managed Control 1701 - Information System Monitoring | Host-Based Devices (f25bc08f-27cb-43b6-9a23-014d00700426)
remove Policy Microsoft Managed Control 1518 - Personnel Termination (0d58f734-c052-40e9-8b2f-a1c2bff0b815)
remove Policy Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions (704e136a-4fe0-427c-b829-cd69957f5d2b)
remove Policy Microsoft Managed Control 1128 - Time Stamps (ef212163-3bc4-4e86-bcf8-705127086393)
remove Policy Microsoft Managed Control 1596 - Developer Configuration Management (21e25e01-0ae0-41be-919e-04ce92b8e8b8)
remove Policy Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures (ca9a4469-d6df-4ab2-a42f-1213c396f0ec)
remove Policy Microsoft Managed Control 1525 - Personnel Transfer (9be2f688-7a61-45e3-8230-e1ec93893f66)
remove Policy Microsoft Managed Control 1676 - Malicious Code Protection (c10fb58b-56a8-489e-9ce3-7ffe24e78e4b)
remove Policy Microsoft Managed Control 1052 - Session Lock (027cae1c-ec3e-4492-9036-4168d540c42a)
remove Policy Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response (e54c325e-42a0-4dcf-b105-046e0f6f590f)
remove Policy Microsoft Managed Control 1131 - Protection Of Audit Information (b472a17e-c2bc-493f-b50b-42d55a346962)
remove Policy Microsoft Managed Control 1347 - Identification And Authentication (Non-Organizational Users) | Acceptance Of Piv Credentials... (131a2706-61e9-4916-a164-00e052056462)
remove Policy Microsoft Managed Control 1023 - Account Management | Usage Conditions (e55698b6-3dea-4aa9-99b9-d8218c6ab6e5)
remove Policy Microsoft Managed Control 1445 - Physical And Environmental Protection Policy And Procedures (32d07d59-2716-4972-b37b-214a67ac4a37)
remove Policy Microsoft Managed Control 1021 - Account Management | Restrictions On Use Of Shared / Group Accounts (9a3eb0a3-428d-4669-baff-20a14eb4b551)
remove Policy Microsoft Managed Control 1588 - External Information System Services (68ebae26-e0e0-4ecb-8379-aabf633b51e9)
remove Policy Microsoft Managed Control 1507 - Personnel Security Policy And Procedures (86ccd1bf-e7ad-4851-93ce-6ec817469c1e)
remove Policy Microsoft Managed Control 1671 - Flaw Remediation (5c5bbef7-a316-415b-9b38-29753ce8e698)
remove Policy Microsoft Managed Control 1245 - Contingency Plan (a0e45314-57b8-4623-80cd-bbb561f59516)
remove Policy Microsoft Managed Control 1521 - Personnel Termination | Automated Notification (3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5)
remove Policy Microsoft Managed Control 1178 - Baseline Configuration | Reviews And Updates (7818b8f4-47c6-441a-90ae-12ce04e99893)
remove Policy Microsoft Managed Control 1458 - Physical Access Control | Information System Access (8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203)
remove Policy Microsoft Managed Control 1217 - Least Functionality | Periodic Review (edea4f20-b02c-4115-be75-86c080e5c0ed)
remove Policy Microsoft Managed Control 1311 - Identifier Management (e7568697-0c9e-4ea3-9cec-9e567d14f3c6)
remove Policy Microsoft Managed Control 1623 - Boundary Protection (02ce1b22-412a-4528-8630-c42146f917ed)
remove Policy Microsoft Managed Control 1495 - System Security Plan (f4978d0e-a596-48e7-9f8c-bbf52554ce8d)
remove Policy Microsoft Managed Control 1204 - Access Restrictions For Change | Review System Changes (0f4f6750-d1ab-4a4c-8dfd-af3237682665)
remove Policy Microsoft Managed Control 1511 - Personnel Screening (a9eae324-d327-4539-9293-b48e122465f8)
remove Policy Microsoft Managed Control 1535 - Personnel Sanctions (f9a165d2-967d-4733-8399-1074270dae2e)
remove Policy Microsoft Managed Control 1449 - Physical Access Authorizations (f784d3b0-5f2b-49b7-b9f3-00ba8653ced5)
remove Policy Microsoft Managed Control 1102 - Audit Events (9943c16a-c54c-4b4a-ad28-bfd938cdbf57)
remove Policy Microsoft Managed Control 1385 - Information Spillage Response (3e495e65-8663-49ca-9b38-9f45e800bc58)
remove Policy Microsoft Managed Control 1721 - Spam Protection | Central Management (d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a)
remove Policy Microsoft Managed Control 1084 - Publicly Accessible Content (d0eb15db-dd1c-4d1d-b200-b12dd6cd060c)
remove Policy Microsoft Managed Control 1426 - Media Protection Policy And Procedures (21f639bc-f42b-46b1-8f40-7a2a389c291a)
remove Policy Microsoft Managed Control 1678 - Malicious Code Protection (dd533cb0-b416-4be7-8e86-4d154824dfd7)
remove Policy Microsoft Managed Control 1302 - User Identification And Authentication | Network Access To Non-Privileged Accounts (09828c65-e323-422b-9774-9d5c646124da)
remove Policy Microsoft Managed Control 1702 - Information System Monitoring | Indicators Of Compromise (4dfc0855-92c4-4641-b155-a55ddd962362)
remove Policy Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas (4f34f554-da4b-4786-8d66-7915c90893da)
remove Policy Microsoft Managed Control 1532 - Third-Party Personnel Security (a2c66299-9017-4d95-8040-8bdbf7901d52)
remove Policy Microsoft Managed Control 1238 - User-Installed Software (a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1)
remove Policy Microsoft Managed Control 1704 - Security Alerts & Advisories (2d44b6fa-1134-4ea6-ad4e-9edb68f65429)
remove Policy Microsoft Managed Control 1624 - Boundary Protection (37d079e3-d6aa-4263-a069-dd7ac6dd9684)
remove Policy Microsoft Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions (243ec95e-800c-49d4-ba52-1fdd9f6b8b57)
remove Policy Microsoft Managed Control 1452 - Physical Access Control (82c76455-4d3f-4e09-a654-22e592107e74)
remove Policy Microsoft Managed Control 1077 - Use Of External Information Systems (2dad3668-797a-412e-a798-07d3849a7a79)
remove Policy Microsoft Managed Control 1545 - Risk Assessment (3f4b171a-a56b-4328-8112-32cf7f947ee1)
remove Policy Microsoft Managed Control 1429 - Media Labeling (b07c9b24-729e-4e85-95fc-f224d2d08a80)
remove Policy Microsoft Managed Control 1327 - Authenticator Management | Password-Based Authentication (03188d8f-1ae5-4fe1-974d-2d7d32ef937d)
remove Policy Microsoft Managed Control 1412 - Remote Maintenance (3492d949-0dbb-4589-88b3-7b59601cc764)
remove Policy Microsoft Managed Control 1498 - Rules Of Behavior (633988b9-cf2f-4323-8394-f0d2af9cd6e1)
remove Policy Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts (4c090801-59bc-4454-bb33-e0455133486a)
remove Policy Microsoft Managed Control 1600 - Developer Security Testing And Evaluation (c53f3123-d233-44a7-930b-f40d3bfeb7d6)
remove Policy Microsoft Managed Control 1352 - Incident Response Policy And Procedures (518cb545-bfa8-43f8-a108-3b7d5037469a)
remove Policy Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure (34042a97-ec6d-4263-93d2-8c1c46823b2a)
remove Policy Microsoft Managed Control 1709 - Security Functionality Verification (025992d6-7fee-4137-9bbf-2ffc39c0686c)
remove Policy Microsoft Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators (2c251a55-31eb-4e53-99c6-e9c43c393ac2)
remove Policy Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks (0d87c70b-5012-48e9-994b-e70dd4b8def0)
remove Policy Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives (53c76a39-2097-408a-b237-b279f7b4614d)
remove Policy Microsoft Managed Control 1074 - Access Control for Portable And Mobile Systems (27a69937-af92-4198-9b86-08d355c7e59a)
remove Policy Microsoft Managed Control 1516 - Personnel Termination (da3cd269-156f-435b-b472-c3af34c032ed)
remove Policy Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures (6e40d9de-2ad4-4cb5-8945-23143326a502)
remove Policy Microsoft Managed Control 1176 - Baseline Configuration (c30690a5-7bf3-467f-b0cd-ef5c7c7449cd)
remove Policy Microsoft Managed Control 1063 - Remote Access | Managed Access Control Points (593ce201-54b2-4dd0-b34f-c308005d7780)
remove Policy Microsoft Managed Control 1469 - Power Equipment And Cabling (f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd)
remove Policy Microsoft Managed Control 1272 - Alternate Processing Site (ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8)
remove Policy Microsoft Managed Control 1611 - Developer-Provided Training (fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f)
remove Policy Microsoft Managed Control 1442 - Media Sanitization And Disposal | Nondestructive Techniques (4f26049b-2c5a-4841-9ff3-d48a26aae475)
remove Policy Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals (28cfa30b-7f72-47ce-ba3b-eed26c8d2c82)
remove Policy Microsoft Managed Control 1295 - Information System Recovery And Reconstitution (a895fbdb-204d-4302-9689-0a59dc42b3d9)
remove Policy Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions (f3793f5e-937f-44f7-bfba-40647ef3efa0)
remove Policy Microsoft Managed Control 1622 - Boundary Protection (ecf56554-164d-499a-8d00-206b07c27bed)
remove Policy Microsoft Managed Control 1309 - User Identification And Authentication | Acceptance Of Piv Credentials (f355d62b-39a8-4ba3-abf7-90f71cb3b000)
remove Policy Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays (ac43352f-df83-4694-8738-cfce549fd08d)
remove Policy Microsoft Managed Control 1700 - Information System Monitoring | Unauthorized Network Services (7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5)
remove Policy Microsoft Managed Control 1152 - System Interconnections (beff0acf-7e67-40b2-b1ca-1a0e8205cf1b)
remove Policy Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers (68434bd1-e14b-4031-9edb-a4adf5f84a67)
remove Policy Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses (391ff8b3-afed-405e-9f7d-ef2f8168d5da)
remove Policy Microsoft Managed Control 1165 - Continuous Monitoring (47e10916-6c9e-446b-b0bd-ff5fd439d79d)
remove Policy Microsoft Managed Control 1028 - Information Flow Enforcement (f171df5c-921b-41e9-b12b-50801c315475)
remove Policy Microsoft Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability (03ad326e-d7a1-44b1-9a76-e17492efc9e4)
remove Policy Microsoft Managed Control 1230 - Configuration Management Plan (11158848-f679-4e9b-aa7b-9fb07d945071)
remove Policy Microsoft Managed Control 1617 - Application Partitioning (a631d8f5-eb81-4f9d-9ee1-74431371e4a3)
remove Policy Microsoft Managed Control 1597 - Developer Configuration Management (68b250ec-2e4f-4eee-898a-117a9fda7016)
remove Policy Microsoft Managed Control 1506 - Personnel Security Policy And Procedures (f7d2ff17-d604-4dd9-b607-9ecf63f28ad2)
remove Policy Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information (f9ad559e-c12d-415e-9a78-e50fdd7da7ba)
remove Policy Microsoft Managed Control 1259 - Contingency Training (9d9e18f7-bad9-4d30-8806-a0c9d5e26208)
remove Policy Microsoft Managed Control 1164 - Continuous Monitoring (0fb8d3ce-9e96-481c-9c68-88d4e3019310)
remove Policy Microsoft Managed Control 1686 - Information System Monitoring (e17085c5-0be8-4423-b39b-a52d3d1402e5)
remove Policy Microsoft Managed Control 1500 - Rules Of Behavior (9dd5b241-03cb-47d3-a5cd-4b89f9c53c92)
remove Policy Microsoft Managed Control 1582 - Information System Documentation (cd9e2f38-259b-462c-bfad-0ad7ab4e65c5)
remove Policy Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis (924e1b2d-c502-478f-bfdb-a7e09a0d5c01)
remove Policy Microsoft Managed Control 1326 - Authenticator Management (8605fc00-1bf5-4fb3-984e-c95cec4f231d)
remove Policy Microsoft Managed Control 1438 - Media Sanitization And Disposal (40fcc635-52a2-4dbc-9523-80a1f4aa1de6)
remove Policy Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures (f35e02aa-0a55-49f8-8811-8abfa7e6f2c0)
remove Policy Microsoft Managed Control 1050 - Concurrent Session Control (bd20184c-b4ec-4ce5-8db6-6e86352d183f)
remove Policy Microsoft Managed Control 1324 - Authenticator Management (8cfea2b3-7f77-497e-ac20-0752f2ff6eee)
remove Policy Microsoft Managed Control 1339 - Authenticator Management | Protection Of Authenticators (367ae386-db7f-4167-b672-984ff86277c0)
remove Policy Microsoft Managed Control 1548 - Vulnerability Scanning (3afe6c78-6124-4d95-b85c-eb8c0c9539cb)
remove Policy Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection (90b60a09-133d-45bc-86ef-b206a6134bbe)
remove Policy Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations (86dc819f-15e1-43f9-a271-41ae58d4cecc)
remove Policy Microsoft Managed Control 1711 - Security Functionality Verification (b083a535-a66a-41ec-ba7f-f9498bf67cde)
remove Policy Microsoft Managed Control 1086 - Publicly Accessible Content (fb321e6f-16a0-4be3-878f-500956e309c5)
remove Policy Microsoft Managed Control 1322 - Authenticator Management (9d1d971e-467e-4278-9633-c74c3d4fecc4)
remove Policy Microsoft Managed Control 1579 - Acquisitions Process | Use Of Approved Piv Products (4e54c7ef-7457-430b-9a3e-ef8881d4a8e0)
remove Policy Microsoft Managed Control 1443 - Media Use (cd0ec6fa-a2e7-4361-aee4-a8688659a9ed)
remove Policy Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories (a96f743d-a195-420d-983a-08aa06bc441e)
remove Policy Microsoft Managed Control 1441 - Media Sanitization And Disposal | Equipment Testing (6519d7f3-e8a2-4ff3-a935-9a9497152ad7)
remove Policy Microsoft Managed Control 1614 - Developer Security Architecture And Design (8154e3b3-cc52-40be-9407-7756581d71f6)
remove Policy Microsoft Managed Control 1468 - Visitor Access Records | Automated Records Maintenance / Review (75603f96-80a1-4757-991d-5a1221765ddd)
remove Policy Microsoft Managed Control 1116 - Audit Review, Analysis, And Reporting (5e47bc51-35d1-44b8-92af-e2f2d8b67635)
remove Policy Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting (c40f31a7-81e1-4130-99e5-a02ceea2a1d6)
remove Policy Microsoft Managed Control 1169 - Continuous Monitoring | Trend Analyses (e7ba2cb3-5675-4468-8b50-8486bdd998a5)
remove Policy Microsoft Managed Control 1155 - System Interconnections | Restrictions On External System Connections (4d33f9f1-12d0-46ad-9fbd-8f8046694977)
remove Policy Microsoft Managed Control 1531 - Third-Party Personnel Security (f0643e0c-eee5-4113-8684-c608d05c5236)
remove Policy Microsoft Managed Control 1561 - Allocation Of Resources (40364c3f-c331-4e29-b1e3-2fbe998ba2f5)
remove Policy Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan (b4f9b47a-2116-4e6f-88db-4edbf22753f1)
remove Policy Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status (dff0b90d-5a6f-491c-b2f8-b90aa402d844)
remove Policy Microsoft Managed Control 1699 - Information System Monitoring | Privileged Users (69c7bee8-bc19-4129-a51e-65a7b39d3e7c)
remove Policy Microsoft Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access (cf55fc87-48e1-4676-a2f8-d9a8cf993283)
remove Policy Microsoft Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy / Currency (874e7880-a067-42a7-bcbe-1a340f54c8cc)
remove Policy Microsoft Managed Control 1718 - Software & Information Integrity | Binary Or Machine Executable Code (0dced7ab-9ce5-4137-93aa-14c13e06ab17)
remove Policy Microsoft Managed Control 1158 - Security Authorization (fff50cf2-28eb-45b4-b378-c99412688907)
remove Policy Microsoft Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities (0a560d32-8075-4fec-9615-9f7c853f4ea9)
remove Policy Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution (b3d8d15b-627a-4219-8c96-4d16f788888b)
remove Policy Microsoft Managed Control 1106 - Audit Events | Reviews And Updates (d2b4feae-61ab-423f-a4c5-0e38ac4464d8)
remove Policy Microsoft Managed Control 1355 - Incident Response Training (90e01f69-3074-4de8-ade7-0fef3e7d83e0)
remove Policy Microsoft Managed Control 1526 - Access Agreements (953e6261-a05a-44fd-8246-000e1a3edbb9)
remove Policy Microsoft Managed Control 1049 - System Use Notification (9adf7ba7-900a-4f35-8d57-9f34aafc405c)
remove Policy Microsoft Managed Control 1321 - Authenticator Management (eb627cc6-3a9d-46b5-96b7-5fca49178a37)
remove Policy Microsoft Managed Control 1514 - Personnel Screening | Information With Special Protection Measures (9ed5ca00-0e43-434e-a018-7aab91461ba7)
remove Policy Microsoft Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (4ebd97f7-b105-4f50-8daf-c51465991240)
remove Policy Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters (53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69)
remove Policy Microsoft Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication (283a4e29-69d5-4c94-b99e-29acf003c899)
remove Policy Microsoft Managed Control 1000 - Access Control Policy And Procedures Requirements (2ef3cc79-733e-48ed-ab6f-7bf439e9b406)
remove Policy Microsoft Managed Control 1601 - Developer Security Testing And Evaluation (0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e)
remove Policy Microsoft Managed Control 1066 - Remote Access | Disconnect / Disable Access (4455c2e8-c65d-4acf-895e-304916f90b36)
remove Policy Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection (d39d4f68-7346-4133-8841-15318a714a24)
remove Policy Microsoft Managed Control 1528 - Access Agreements (deb9797c-22f8-40e8-b342-a84003c924e6)
remove Policy Microsoft Managed Control 1538 - Security Categorization (1d7658b2-e827-49c3-a2ae-6d2bd0b45874)
remove Policy Microsoft Managed Control 1584 - Information System Documentation (5864522b-ff1d-4979-a9f8-58bee1fb174c)
remove Policy Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions (ca94b046-45e2-444f-a862-dc8ce262a516)
remove Policy Microsoft Managed Control 1378 - Incident Response Plan (97fceb70-6983-42d0-9331-18ad8253184d)
remove Policy Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures (45692294-f074-42bd-ac54-16f1a3c07554)
remove Policy Microsoft Managed Control 1143 - Certification, Authorization, Security Assessment Policy And Procedures (7c6de11b-5f51-4f7c-8d83-d2467c8a816e)
remove Policy Microsoft Managed Control 1303 - User Identification And Authentication | Local Access To Privileged Accounts (80ca0a27-918a-4604-af9e-723a27ee51e8)
remove Policy Microsoft Managed Control 1519 - Personnel Termination (2f13915a-324c-4ab8-b45c-2eefeeefb098)
remove Policy Microsoft Managed Control 1534 - Personnel Sanctions (8b2b263e-cd05-4488-bcbf-4debec7a17d9)
remove Policy Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel (731856d8-1598-4b75-92de-7d46235747c0)
remove Policy Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses (baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca)
remove Policy Microsoft Managed Control 1604 - Developer Security Testing And Evaluation (44dbba23-0b61-478e-89c7-b3084667782f)
remove Policy Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support (00379355-8932-4b52-b63a-3bc6daf3451a)
remove Policy Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information (65592b16-4367-42c5-a26e-d371be450e17)
remove Policy Microsoft Managed Control 1208 - Configuration Settings (5ea87673-d06b-456f-a324-8abcee5c159f)
remove Policy Microsoft Managed Control 1427 - Media Protection Policy And Procedures (bc90e44f-d83f-4bdf-900f-3d5eb4111b31)
remove Policy Microsoft Managed Control 1350 - Identification And Authentication (Non-Organizational Users) | Use Of Ficam-Issued Profiles (d77fd943-6ba6-4a21-ba07-22b03e347cc4)
remove Policy Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays (769efd9b-3587-4e22-90ce-65ddcd5bd969)
remove Policy Microsoft Managed Control 1137 - Audit Generation (4344df62-88ab-4637-b97b-bcaf2ec97e7c)
remove Policy Microsoft Managed Control 1662 - Fail In Known State (165cb91f-7ea8-4ab7-beaf-8636b98c9d15)
remove Policy Microsoft Managed Control 1314 - Identifier Management (ef0c8530-efd9-45b8-b753-f03083d06295)
remove Policy Microsoft Managed Control 1163 - Continuous Monitoring (961663a1-8a91-4e59-b6f5-1eee57c0f49c)
remove Policy Microsoft Managed Control 1112 - Response To Audit Processing Failures (d530aad8-4ee2-45f4-b234-c061dae683c0)
remove Policy Microsoft Managed Control 1318 - Authenticator Management (fced5fda-3bdb-4d73-bfea-0e2c80428b66)
remove Policy Microsoft Managed Control 1389 - Information Spillage Response (c39e6fda-ae70-4891-a739-be7bba6d1062)
remove Policy Microsoft Managed Control 1472 - Emergency Shutoff (ef869332-921d-4c28-9402-3be73e6e50c8)
remove Policy Microsoft Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers At Logout (4c643c9a-1be7-4016-a5e7-e4bada052920)
remove Policy Microsoft Managed Control 1652 - Mobile Code (6998e84a-2d29-4e10-8962-76754d4f772d)
remove Policy Microsoft Managed Control 1002 - Account Management (632024c2-8079-439d-a7f6-90af1d78cc65)
remove Policy Microsoft Managed Control 1415 - Remote Maintenance (61a1dd98-b259-4840-abd5-fbba7ee0da83)
remove Policy Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components (03752212-103c-4ab8-a306-7e813022ca9d)
remove Policy Microsoft Managed Control 1444 - Media Use | Prohibit Use Without Owner (666143df-f5e0-45bd-b554-135f0f93e44e)
remove Policy Microsoft Managed Control 1059 - Remote Access (a29b5d9f-4953-4afe-b560-203a6410b6b4)
remove Policy Microsoft Managed Control 1515 - Personnel Termination (02dd141a-a2b2-49a7-bcbd-ca31142f6211)
remove Policy Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations (465f32da-0ace-4603-8d1b-7be5a3a702de)
remove Policy Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas (5352e3e0-e63a-452e-9e5f-9c1d181cff9c)
remove Policy Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments (e4213689-05e8-4241-9d4e-8dd1cdafd105)
remove Policy Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting (2a39ac75-622b-4c88-9a3f-45b7373f7ef7)
remove Policy Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys (afbd0baf-ff1a-4447-a86f-088a97347c0c)
remove Policy Microsoft Managed Control 1187 - Configuration Change Control (9f2b2f9e-4ba6-46c3-907f-66db138b6f85)
remove Policy Microsoft Managed Control 1397 - Controlled Maintenance (391af4ab-1117-46b9-b2c7-78bbd5cd995b)
remove Policy Microsoft Managed Control 1232 - Configuration Management Plan (396ba986-eac1-4d6d-85c4-d3fda6b78272)
remove Policy Microsoft Managed Control 1154 - System Interconnections | Unclassified Non-National Security System Connections (e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a)
remove Policy Microsoft Managed Control 1428 - Media Access (0a77fcc7-b8d8-451a-ab52-56197913c0c7)
remove Policy Microsoft Managed Control 1340 - Authenticator Management | No Embedded Unencrypted Static Authenticators (e51ff84b-e5ea-408f-b651-2ecc2933e4c6)
remove Policy Microsoft Managed Control 1530 - Third-Party Personnel Security (6e8f9566-29f1-49cd-b61f-f8628a3cf993)
remove Policy Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility (e214e563-1206-4a43-a56b-ac5880c9c571)
remove Policy Microsoft Managed Control 1315 - Identifier Management (3aa87116-f1a1-4edb-bfbf-14e036f8d454)
remove Policy Microsoft Managed Control 1543 - Risk Assessment (fd00b778-b5b5-49c0-a994-734ea7bd3624)
remove Policy Microsoft Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review And Analysis (845f6359-b764-4b40-b579-657aefe23c44)
remove Policy Microsoft Managed Control 1307 - User Identification And Authentication | Network Access To Non-Privileged Accounts - Replay... (84e622c8-4bed-417c-84c6-b2fb0dd73682)
remove Policy Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys (506814fa-b930-4b10-894e-a45b98c40e1a)
remove Policy Microsoft Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source) (90f01329-a100-43c2-af31-098996135d2b)
remove Policy Microsoft Managed Control 1571 - Acquisitions Process (b11c985b-f2cd-4bd7-85f4-b52426edf905)
remove Policy Microsoft Managed Control 1331 - Authenticator Management | Password-Based Authentication (05460fe2-301f-4ed1-8174-d62c8bb92ff4)
remove Policy Microsoft Managed Control 1223 - Information System Component Inventory (05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a)
remove Policy Microsoft Managed Control 1440 - Media Sanitization And Disposal | Review / Approve / Track / Document / Verify (881299bf-2a5b-4686-a1b2-321d33679953)
remove Policy Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans (5e2b3730-8c14-4081-8893-19dbb5de7348)
remove Policy Microsoft Managed Control 1689 - Information System Monitoring (de901f2f-a01a-4456-97f0-33cda7966172)
remove Policy Microsoft Managed Control 1323 - Authenticator Management (abe8f70b-680f-470c-9b86-a7edfb664ecc)
remove Policy Microsoft Managed Control 1476 - Fire Protection (0f3c4ac2-3e35-4906-a80b-473b12a622d7)
remove Policy Microsoft Managed Control 1361 - Incident Handling (03ed3be1-7276-4452-9a5d-e4168565ac67)
remove Policy Microsoft Managed Control 1380 - Incident Response Plan (b4319b7e-ea8d-42ff-8a67-ccd462972827)
remove Policy Microsoft Managed Control 1508 - Position Categorization (76f500cc-4bca-4583-bda1-6d084dc21086)
remove Policy Microsoft Managed Control 1660 - Session Authenticity (63096613-ce83-43e5-96f4-e588e8813554)
remove Policy Microsoft Managed Control 1354 - Incident Response Training (9fd92c17-163a-4511-bb96-bbb476449796)
remove Policy Microsoft Managed Control 1103 - Audit Events (16feeb31-6377-437e-bbab-d7f73911896d)
remove Policy Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan (01f7726b-db54-45c2-bcb5-9bd7a43796ee)
remove Policy Microsoft Managed Control 1435 - Media Transport (fa8d221b-d130-4637-ba16-501e666628bb)
remove Policy Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets (232ab24b-810b-4640-9019-74a7d0d6a980)
remove Policy Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting (0b653845-2ad9-4e09-a4f3-5a7c1d78353d)
remove Policy Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access (5afa8cab-1ed7-4e40-884c-64e0ac2059cc)
remove Policy Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site (49dbe627-2c1e-438c-979e-dd7a39bbf81d)
remove Policy Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated Proxy Servers (07557aa0-e02f-4460-9a81-8ecd2fed601a)
remove Policy Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity (562afd61-56be-4313-8fe4-b9564aa4ba7d)
remove Policy Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers (a9172e76-7f56-46e9-93bf-75d69bdb5491)
remove Policy Microsoft Managed Control 1667 - System And Information Integrity Policy And Procedures (d61880dc-6e38-4f2a-a30c-3406a98f8220)
remove Policy Microsoft Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit Trail (90d8b8ad-8ee3-4db7-913f-2a53fcff5316)
remove Policy Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication (f5c66fdc-3d02-4034-9db5-ba57802609de)
remove Policy Microsoft Managed Control 1319 - Authenticator Management (66f7ae57-5560-4fc5-85c9-659f204e7a42)
remove Policy Microsoft Managed Control 1301 - User Identification And Authentication | Network Access To Privileged Accounts (b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08)
remove Policy Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel (c3b65b63-09ec-4cb5-8028-7dd324d10eb0)
remove Policy Microsoft Managed Control 1205 - Access Restrictions For Change | Signed Components (5b070cab-0fb8-4e48-ad29-fc90b4c2797c)
remove Policy Microsoft Managed Control 1369 - Incident Monitoring (18cc35ed-a429-486d-8d59-cb47e87304ed)
remove Policy Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting (22589a07-0007-486a-86ca-95355081ae2a)
remove Policy Microsoft Managed Control 1348 - Identification And Authentication (Non-Organizational Users) | Acceptance Of Third-Party... (855ced56-417b-4d74-9d5f-dd1bc81e22d6)
remove Policy Microsoft Managed Control 1406 - Maintenance Tools | Inspect Media (a0f5339c-9292-43aa-a0bc-d27c6b8e30aa)
remove Policy Microsoft Managed Control 1214 - Least Functionality (f714a4e2-b580-47b6-ae8c-f2812d3750f3)
remove Policy Microsoft Managed Control 1051 - Session Lock (7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339)
remove Policy Microsoft Managed Control 1334 - Authenticator Management | Pki-Based Authentication (44bfdadc-8c2e-4c30-9c99-f005986fabcd)
remove Policy Microsoft Managed Control 1171 - Penetration Testing | Independent Penetration Agent Or Team (6d4820bc-8b61-4982-9501-2123cb776c00)
remove Policy Microsoft Managed Control 1574 - Acquisitions Process (0f935dab-83d6-47b8-85ef-68b8584161b9)
remove Policy Microsoft Managed Control 1726 - Information Output Handling And Retention (baff1279-05e0-4463-9a70-8ba5de4c7aa4)
remove Policy Microsoft Managed Control 1218 - Least Functionality | Prevent Program Execution (4a1d0394-b9f5-493e-9e83-563fd0ac4df8)
remove Policy Microsoft Managed Control 1300 - User Identification And Authentication (99deec7d-5526-472e-b07c-3645a792026a)
remove Policy Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts (a450eba6-2efc-4a00-846a-5804a93c6b77)
remove Policy Microsoft Managed Control 1461 - Monitoring Physical Access (aafef03e-fea8-470b-88fa-54bd1fcd7064)
remove Policy Microsoft Managed Control 1433 - Media Transport (5b879b41-2728-41c5-ad24-9ee2c37cbe65)
remove Policy Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations (4116891d-72f7-46ee-911c-8056cc8dcbd5)
remove Policy Microsoft Managed Control 1388 - Information Spillage Response (2c7c575a-d4c5-4f6f-bd49-dee97a8cba55)
remove Policy Microsoft Managed Control 1080 - Use Of External Information Systems | Portable Storage Devices (852981b4-a380-4704-aa1e-2e52d63445e5)
remove Policy Microsoft Managed Control 1710 - Security Functionality Verification (af2a93c8-e6dd-4c94-acdd-4a2eedfc478e)
remove Policy Microsoft Managed Control 1706 - Security Alerts & Advisories (f475ee0e-f560-4c9b-876b-04a77460a404)
remove Policy Microsoft Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration / Scanning And Monitoring Capabilities (c69b870e-857b-458b-af02-bb234f7a00d3)
remove Policy Microsoft Managed Control 1316 - Identifier Management | Identify User Status (8ce14753-66e5-465d-9841-26ef55c09c0d)
remove Policy Microsoft Managed Control 1577 - Acquisitions Process | Continuous Monitoring Plan (d922484a-8cfc-4a6b-95a4-77d6a685407f)
remove Policy Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions (8dc459b3-0e77-45af-8d71-cfd8c9654fe2)
remove Policy Microsoft Managed Control 1647 - Use of Cryptography (791cfc15-6974-42a0-9f4c-2d4b82f4a78c)
remove Policy Microsoft Managed Control 1031 - Separation Of Duties (6b93a801-fe25-4574-a60d-cb22acffae00)
remove Policy Microsoft Managed Control 1629 - Boundary Protection | External Telecommunications Services (c171b095-7756-41de-8644-a062a96043f2)
remove Policy Microsoft Managed Control 1494 - System Security Plan (9ed09d84-3311-4853-8b67-2b55dfa33d09)
remove Policy Microsoft Managed Control 1362 - Incident Handling (5d169442-d6ef-439b-8dca-46c2c3248214)
remove Policy Microsoft Managed Control 1073 - Access Control for Portable And Mobile Systems (ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c)
remove Policy Microsoft Managed Control 1522 - Personnel Transfer (38b470cc-f939-4a15-80e0-9f0c74f2e2c9)
remove Policy Microsoft Managed Control 1485 - Delivery And Removal (50301354-95d0-4a11-8af5-8039ecf6d38b)
remove Policy Microsoft Managed Control 1583 - Information System Documentation (0882d488-8e80-4466-bc0f-0cd15b6cb66d)
remove Policy Microsoft Managed Control 1687 - Information System Monitoring (7a87fc7f-301e-49f3-ba2a-4d74f424fa97)
remove Policy Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility (da3bfb53-9c46-4010-b3db-a7ba1296dada)
remove Policy Microsoft Managed Control 1058 - Permitted Actions Without Identification Or Authentication (76e85d08-8fbb-4112-a1c1-93521e6a9254)
remove Policy Microsoft Managed Control 1313 - Identifier Management (36220f5b-79a1-4cdb-8c74-2d2449f9a510)
remove Policy Microsoft Managed Control 1413 - Remote Maintenance (aeedddb6-6bc0-42d5-809b-80048033419d)
remove Policy Microsoft Managed Control 1431 - Media Storage (a7173c52-2b99-4696-a576-63dd5f970ef4)
remove Policy Microsoft Managed Control 1430 - Media Labeling (0f559588-5e53-4b14-a7c4-85d28ebc2234)
remove Policy Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions (facb66e0-1c48-478a-bed5-747a312323e1)
remove Policy Microsoft Managed Control 1420 - Maintenance Personnel (05ae08cc-a282-413b-90c7-21a2c60b8404)
remove Policy Microsoft Managed Control 1184 - Configuration Change Control (13579d0e-0ab0-4b26-b0fb-d586f6d7ed20)
remove Policy Microsoft Managed Control 1168 - Continuous Monitoring | Independent Assessment (82409f9e-1f32-4775-bf07-b99d53a91b06)
remove Policy Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers (1d01ba6c-289f-42fd-a408-494b355b6222)
remove Policy Microsoft Managed Control 1719 - Spam Protection (c13da9b4-fe14-4fe2-853a-5997c9d4215a)
remove Policy Microsoft Managed Control 1006 - Account Management (aae8d54c-4bce-4c04-b3aa-5b65b67caac8)
remove Policy Microsoft Managed Control 1360 - Incident Handling (be5b05e7-0b82-4ebc-9eda-25e447b1a41e)
remove Policy Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage (9e5225fe-cdfb-4fce-9aec-0fe20dd53b62)
remove Policy Microsoft Managed Control 1482 - Temperature And Humidity Controls | Monitoring With Alarms / Notifications (9df4277e-8c88-4d5c-9b1a-541d53d15d7b)
remove Policy Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service (35a4102f-a778-4a2e-98c2-971056288df8)
remove Policy Microsoft Managed Control 1145 - Security Assessments (a0724970-9c75-4a64-a225-a28002953f28)
remove Policy Microsoft Managed Control 1382 - Incident Response Plan (841392b3-40da-4473-b328-4cde49db67b3)
remove Policy Microsoft Managed Control 1520 - Personnel Termination (7f2c513b-eb16-463b-b469-c10e5fa94f0a)
remove Policy Microsoft Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time Source (71bb965d-4047-4623-afd4-b8189a58df5d)
remove Policy Microsoft Managed Control 1016 - Account Management | Automated Audit Actions (d8b43277-512e-40c3-ab00-14b3b6e72238)
remove Policy Microsoft Managed Control 1092 - Security Awareness | Insider Threat (8a29d47b-8604-4667-84ef-90d203fcb305)
remove Policy Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers (493a95f3-f2e3-47d0-af02-65e6d6decc2f)
remove Policy Microsoft Managed Control 1090 - Security Awareness (2fb740e5-cbc7-4d10-8686-d1bf826652b1)
remove Policy Microsoft Managed Control 1672 - Flaw Remediation | Central Management (b45fe972-904e-45a4-ac20-673ba027a301)
remove Policy Microsoft Managed Control 1104 - Audit Events (cdd8d244-18b2-4306-a1d1-df175ae0935f)
remove Policy Microsoft Managed Control 1020 - Account Management | Role-Based Schemes (0b291ee8-3140-4cad-beb7-568c077c78ce)
remove Policy Microsoft Managed Control 1722 - Spam Protection | Automatic Updates (e1da06bd-25b6-4127-a301-c313d6873fff)
remove Policy Microsoft Managed Control 1172 - Internal System Connections (b43e946e-a4c8-4b92-8201-4a39331db43c)
remove Policy Microsoft Managed Control 1098 - Security Training Records (84363adb-dde3-411a-9fc1-36b56737f822)
remove Policy Microsoft Managed Control 1257 - Contingency Training (b958b241-4245-4bd6-bd2d-b8f0779fb543)
remove Policy Microsoft Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation (49b99653-32cd-405d-a135-e7d60a9aae1f)
remove Policy Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication (3298d6bf-4bc6-4278-a95d-f7ef3ac6e594)
remove Policy Microsoft Managed Control 1462 - Monitoring Physical Access (9b1f3a9a-13a1-4b40-8420-36bca6fd8c02)
remove Policy Microsoft Managed Control 1655 - Voice Over Internet Protocol (121eab72-390e-4629-a7e2-6d6184f57c6b)
remove Policy Microsoft Managed Control 1620 - Denial Of Service Protection (d17c826b-1dec-43e1-a984-7b71c446649c)
remove Policy Microsoft Managed Control 1024 - Account Management | Account Monitoring / Atypical Usage (84914fb4-12da-4c53-a341-a9fd463bed10)
remove Policy Microsoft Managed Control 1580 - Information System Documentation (854db8ac-6adf-42a0-bef3-b73f764f40b9)
remove Policy Microsoft Managed Control 1484 - Water Damage Protection | Automation Support (486b006a-3653-45e8-b41c-a052d3e05456)
remove Policy Microsoft Managed Control 1233 - Configuration Management Plan (9d79001f-95fe-45d0-8736-f217e78c1f57)
remove Policy Microsoft Managed Control 1581 - Information System Documentation (742b549b-7a25-465f-b83c-ea1ffb4f4e0e)
remove Policy Microsoft Managed Control 1095 - Role-Based Security Training (bc3f6f7a-057b-433e-9834-e8c97b0194f6)
remove Policy Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination (6c59a207-6aed-41dc-83a2-e1ff66e4a4db)
remove Policy Microsoft Managed Control 1045 - Unsuccessful Logon Attempts (554d2dd6-f3a8-4ad5-b66f-5ce23bd18892)
remove Policy Microsoft Managed Control 1196 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (4e7f4ea4-dd62-44f6-8886-ac6137cf52b0)
remove Policy Microsoft Managed Control 1533 - Third-Party Personnel Security (bba2a036-fb3b-4261-b1be-a13dfb5fbcaa)
remove Policy Microsoft Managed Control 1576 - Acquisitions Process | Design / Implementation Information For Security Controls (5f18c885-ade3-48c5-80b1-8f9216019c18)
remove Policy Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception (74ae9b8e-e7bb-4c9c-992f-c535282f7a2c)
remove Policy Microsoft Managed Control 1081 - Information Sharing (3867f2a9-23bb-4729-851f-c3ad98580caf)
remove Policy Microsoft Managed Control 1048 - System Use Notification (483e7ca9-82b3-45a2-be97-b93163a0deb7)
remove Policy Microsoft Managed Control 1175 - Configuration Management Policy And Procedures (6dab4254-c30d-4bb7-ae99-1d21586c063c)
remove Policy Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity (05a289ce-6a20-4b75-a0f3-dc8601b6acd0)
remove Policy Microsoft Managed Control 1047 - System Use Notification (e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62)
remove Policy Microsoft Managed Control 1287 - Information System Backup (819dc6da-289d-476e-8500-7e341ef8677d)
remove Policy Microsoft Managed Control 1076 - Use Of External Information Systems (98a4bd5f-6436-46d4-ad00-930b5b1dfed4)
remove Policy Microsoft Managed Control 1625 - Boundary Protection | Access Points (b9b66a4d-70a1-4b47-8fa1-289cec68c605)
remove Policy Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration (4c615c2a-dc83-4dda-8220-abce7b50c9bc)
remove Policy Microsoft Managed Control 1466 - Visitor Access Records (0d943a9c-a6f1-401f-a792-740cdb09c451)
remove Policy Microsoft Managed Control 1075 - Access Control for Portable And Mobile Systems | Full Device / Container-Based Encryption (fc933d22-04df-48ed-8f87-22a3773d4309)
remove Policy Microsoft Managed Control 1399 - Controlled Maintenance (2256e638-eb23-480f-9e15-6cf1af0a76b3)
remove Policy Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions (0afce0b3-dd9f-42bb-af28-1e4284ba8311)
remove Policy Microsoft Managed Control 1491 - Security Planning Policy And Procedures (1571dd40-dafc-4ef4-8f55-16eba27efc7b)
remove Policy Microsoft Managed Control 1707 - Security Alerts & Advisories | Automated Alerts And Advisories (fd4a2ac8-868a-4702-a345-6c896c3361ce)
remove Policy Microsoft Managed Control 1549 - Vulnerability Scanning (d6976a08-d969-4df2-bb38-29556c2eb48a)
remove Policy Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site (a23d9d53-ad2e-45ef-afd5-e6d10900a737)
remove Policy Microsoft Managed Control 1513 - Personnel Screening | Information With Special Protection Measures (c416970d-b12b-49eb-8af4-fb144cd7c290)
remove Policy Microsoft Managed Control 1666 - System And Information Integrity Policy And Procedures (12e30ee3-61e6-4509-8302-a871e8ebb91e)
remove Policy Microsoft Managed Control 1411 - Remote Maintenance (898d4fe8-f743-4333-86b7-0c9245d93e7d)
remove Policy Microsoft Managed Control 1200 - Security Impact Analysis (e98fe9d7-2ed3-44f8-93b7-24dca69783ff)
remove Policy Microsoft Managed Control 1146 - Security Assessments (dd83410c-ecb6-4547-8f14-748c3cbdc7ac)
remove Policy Microsoft Managed Control 1570 - Acquisitions Process (a7fcf38d-bb09-4600-be7d-825046eb162a)
remove Policy Microsoft Managed Control 1288 - Information System Backup (8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f)
remove Policy Microsoft Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From Executing Privileged Functions (361a77f6-0f9c-4748-8eec-bc13aaaa2455)
remove Policy Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication (068260be-a5e6-4b0a-a430-cd27071c226a)
remove Policy Microsoft Managed Control 1649 - Collaborative Computing Devices (26d292cc-b0b8-4c29-9337-68abc758bf7b)
remove Policy Microsoft Managed Control 1148 - Security Assessments | Independent Assessors (28e62650-c7c2-4786-bdfa-17edc1673902)
remove Policy Microsoft Managed Control 1593 - External Information System Services | Processing, Storage, And Service Location (2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa)
remove Policy Microsoft Managed Control 1147 - Security Assessments (8fef824a-29a8-4a4c-88fc-420a39c0d541)
remove Policy Microsoft Managed Control 1082 - Information Sharing (24d480ef-11a0-4b1b-8e70-4e023bf2be23)
remove Policy Microsoft Managed Control 1091 - Security Awareness (b23bd715-5d1c-4e5c-9759-9cbdf79ded9d)
remove Policy Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan (942b3e97-6ae3-410e-a794-c9c999b97c0b)
remove Policy Microsoft Managed Control 1488 - Alternate Work Site (d8ef30eb-a44f-47af-8524-ac19a36d41d2)
remove Policy Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities (2e3c5583-1729-4d36-8771-59c32f090a22)
remove Policy Microsoft Managed Control 1330 - Authenticator Management | Password-Based Authentication (f75cedb2-5def-4b31-973e-b69e8c7bd031)
remove Policy Microsoft Managed Control 1099 - Security Training Records (01910bab-8639-4bd0-84ef-cc53b24d79ba)
remove Policy Microsoft Managed Control 1001 - Access Control Policy And Procedures Requirements (4e26f8c3-4bf3-4191-b8fc-d888805101b7)
remove Policy Microsoft Managed Control 1414 - Remote Maintenance (2ce63a52-e47b-4ae2-adbb-6e40d967f9e6)
remove Policy Microsoft Managed Control 1496 - System Security Plan (0ca96127-2f87-46ab-a4fc-0d2a786df1c8)
remove Policy Microsoft Managed Control 1134 - Protection Of Audit Information | Access By Subset Of Privileged Users (4e95f70e-181c-4422-9da2-43079710c789)
remove Policy Microsoft Managed Control 1167 - Continuous Monitoring (cbb2be76-4891-430b-95a7-ca0b0a3d1300)
remove Policy Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes (ea3e8156-89a1-45b1-8bd6-938abc79fdfd)
remove Policy Microsoft Managed Control 1019 - Account Management | Role-Based Schemes (6a3ee9b2-3977-459c-b8ce-2db583abd9f7)
remove Policy Microsoft Managed Control 1717 - Software & Information Integrity | Binary Or Machine Executable Code (967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef)
remove Policy Microsoft Managed Control 1097 - Role-Based Security Training | Suspicious Communications And Anomalous System Behavior (cf3e4836-f19e-47eb-a8cd-c3ca150452c0)
remove Policy Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting (4cca950f-c3b7-492a-8e8f-ea39663c14f9)
remove Policy Microsoft Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation With Physical Monitoring (c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1)
remove Policy Microsoft Managed Control 1603 - Developer Security Testing And Evaluation (2b909c26-162f-47ce-8e15-0c1f55632eac)
remove Policy Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis (0062eb8b-dc75-4718-8ea5-9bb4a9606655)
remove Policy Microsoft Managed Control 1598 - Developer Configuration Management (ae7e1f5e-2d63-4b38-91ef-bce14151cce3)
remove Policy Microsoft Managed Control 1481 - Temperature And Humidity Controls (717a1c78-a267-4f56-ac58-ee6c54dc4339)
remove Policy Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management (a9a08d1c-09b1-48f1-90ea-029bbdf7111e)
remove Policy Microsoft Managed Control 1708 - Security Functionality Verification (7a1e2c88-13de-4959-8ee7-47e3d74f1f48)
remove Policy Microsoft Managed Control 1068 - Wireless Access Restrictions (2d045bca-a0fd-452e-9f41-4ec33769717c)
remove Policy Microsoft Managed Control 1396 - Controlled Maintenance (276af98f-4ff9-4e69-99fb-c9b2452fb85f)
remove Policy Microsoft Managed Control 1211 - Configuration Settings (6a8b9dc8-6b00-4701-aa96-bba3277ebf50)
remove Policy Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment (41256567-1795-4684-b00b-a1308ce43cac)
remove Policy Microsoft Managed Control 1239 - User-Installed Software (0be51298-f643-4556-88af-d7db90794879)
remove Policy Microsoft Managed Control 1473 - Emergency Power (d7047705-d719-46a7-8bb0-76ad233eba71)
remove Policy Microsoft Managed Control 1014 - Account Management | Removal Of Temporary / Emergency Accounts (5dee936c-8037-4df1-ab35-6635733da48c)
remove Policy Microsoft Managed Control 1386 - Information Spillage Response (5120193e-91fd-4f9d-bc6d-194f94734065)
remove Policy Microsoft Managed Control 1416 - Remote Maintenance | Document Remote Maintenance (38dfd8a3-5290-4099-88b7-4081f4c4d8ae)
remove Policy Microsoft Managed Control 1149 - Security Assessments | Specialized Assessments (2e1b855b-a013-481a-aeeb-2bcb129fd35d)
remove Policy Microsoft Managed Control 1110 - Audit Storage Capacity (6182bfa7-0f2a-43f5-834a-a2ddf31c13c7)
remove Policy Microsoft Managed Control 1185 - Configuration Change Control (6420cd73-b939-43b7-9d99-e8688fea053c)
remove Policy Microsoft Managed Control 1568 - Acquisitions Process (b6a8eae8-9854-495a-ac82-d2cd3eac02a6)
remove Policy Microsoft Managed Control 1688 - Information System Monitoring (063c3f09-e0f0-4587-8fd5-f4276fae675f)
remove Policy Microsoft Managed Control 1289 - Information System Backup (7a724864-956a-496c-b778-637cb1d762cf)
remove Policy Microsoft Managed Control 1668 - Flaw Remediation (8fb0966e-be1d-42c3-baca-60df5c0bcc61)
remove Policy Microsoft Managed Control 1381 - Incident Response Plan (e5368258-9684-4567-8126-269f34e65eab)
remove Policy Microsoft Managed Control 1308 - User Identification And Authentication | Remote Access - Separate Device (81817e1c-5347-48dd-965a-40159d008229)
remove Policy Microsoft Managed Control 1564 - System Development Life Cycle (157f0ef9-143f-496d-b8f9-f8c8eeaad801)
remove Policy Microsoft Managed Control 1371 - Incident Reporting (9447f354-2c85-4700-93b3-ecdc6cb6a417)
remove Policy Microsoft Managed Control 1083 - Publicly Accessible Content (4e319cb6-2ca3-4a58-ad75-e67f484e50ec)
remove Policy Microsoft Managed Control 1093 - Role-Based Security Training (7a0bdeeb-15f4-47e8-a1da-9f769f845fdf)
remove Policy Microsoft Managed Control 1201 - Security Impact Analysis | Separate Test Environments (7daef997-fdd3-461b-8807-a608a6dd70f1)
remove Policy Microsoft Managed Control 1391 - Information Spillage Response | Training (dd6ac1a1-660e-4810-baa8-74e868e2ed47)
remove Policy Microsoft Managed Control 1142 - Certification, Authorization, Security Assessment Policy And Procedures (01524fa8-4555-48ce-ba5f-c3b8dcef5147)
remove Policy Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic (7ecda928-9df4-4dd7-8f44-641a91e470e8)
remove Policy Microsoft Managed Control 1248 - Contingency Plan (50fc602d-d8e0-444b-a039-ad138ee5deb0)
remove Policy Microsoft Managed Control 1394 - System Maintenance Policy And Procedures (4db56f68-3f50-45ab-88f3-ca46f5379a94)
remove Policy Microsoft Managed Control 1005 - Account Management (5b626abc-26d4-4e22-9de8-3831818526b1)
remove Policy Microsoft Managed Control 1477 - Fire Protection | Detection Devices / Systems (4862a63c-6c74-4a9d-a221-89af3c374503)
remove Policy Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans (47bc7ea0-7d13-4f7c-a154-b903f7194253)
remove Policy Microsoft Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows (d3531453-b869-4606-9122-29c1cd6e7ed1)
remove Policy Microsoft Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration (463e5220-3f79-4e24-a63f-343e4096cd22)
remove Policy Microsoft Managed Control 1705 - Security Alerts & Advisories (f82e3639-fa2b-4e06-a786-932d8379b972)
remove Policy Microsoft Managed Control 1658 - Secure Name / Address Resolution Service (Recursive Or Caching Resolver) (063b540e-4bdc-4e7a-a569-3a42ddf22098)
remove Policy Microsoft Managed Control 1061 - Remote Access | Automated Monitoring / Control (7ac22808-a2e8-41c4-9d46-429b50738914)
remove Policy Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration (292a7c44-37fa-4c68-af7c-9d836955ded2)
remove Policy Microsoft Managed Control 1621 - Resource Availability (3cb9f731-744a-4691-a481-ca77b0411538)
remove Policy Microsoft Managed Control 1013 - Account Management | Automated System Account Management (8fd7b917-d83b-4379-af60-51e14e316c61)
remove Policy Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity (6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912)
remove Policy Microsoft Managed Control 1727 - Memory Protection (697175a7-9715-4e89-b98b-c6f605888fa3)
remove Policy Microsoft Managed Control 1215 - Least Functionality (88fc93e8-4745-4785-b5a5-b44bb92c44ff)
remove Policy Microsoft Managed Control 1569 - Acquisitions Process (ad2f8e61-a564-4dfd-8eaa-816f5be8cb34)
remove Policy Microsoft Managed Control 1127 - Time Stamps (3ce328db-aef3-48ed-9f81-2ab7cf839c66)
remove Policy Microsoft Managed Control 1273 - Alternate Processing Site (e77fcbf2-a1e8-44f1-860e-ed6583761e65)
remove Policy Microsoft Managed Control 1346 - Identification And Authentication (Non-Organizational Users) (464dc8ce-2200-4720-87a5-dc5952924cc6)
remove Policy Microsoft Managed Control 1040 - Least Privilege | Review Of User Privileges (54205576-cec9-463f-ba44-b4b3f5d0a84c)
remove Policy Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information (39c54140-5902-4079-8bb5-ad31936fe764)
remove Policy Microsoft Managed Control 1197 - Configuration Change Control | Test / Validate / Document Changes (a20d2eaa-88e2-4907-96a2-8f3a05797e5c)
remove Policy Microsoft Managed Control 1032 - Separation Of Duties (5aa85661-d618-46b8-a20f-ca40a86f0751)
remove Policy Microsoft Managed Control 1012 - Account Management (efd7b9ae-1db6-4eb6-b0fe-87e6565f9738)
remove Policy Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations (dd469ae0-71a8-4adc-aafc-de6949ca3339)
remove Policy Microsoft Managed Control 1366 - Incident Handling | Information Correlation (06c45c30-ae44-4f0f-82be-41331da911cc)
remove Policy Microsoft Managed Control 1374 - Incident Response Assistance (cc5c8616-52ef-4e5e-8000-491634ed9249)
remove Policy Microsoft Managed Control 1450 - Physical Access Authorizations (134d7a13-ba3e-41e2-b236-91bfcfa24e01)
remove Policy Microsoft Managed Control 1190 - Configuration Change Control (c66a3d1e-465b-4f28-9da5-aef701b59892)
remove Policy Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection (c158eb1c-ae7e-4081-8057-d527140c4e0c)
remove Policy Microsoft Managed Control 1653 - Mobile Code (6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b)
remove Policy Microsoft Managed Control 1372 - Incident Reporting (25b96717-c912-4c00-9143-4e487f411726)
remove Policy Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services (67de62b4-a737-4781-8861-3baed3c35069)
remove Policy Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components (05938e10-cdbd-4a54-9b2b-1cbcfc141ad0)
remove Policy Microsoft Managed Control 1395 - System Maintenance Policy And Procedures (7207a023-a517-41c5-9df2-09d4c6845a05)
remove Policy Microsoft Managed Control 1696 - Information System Monitoring | Correlate Monitoring Information (69d2a238-20ab-4206-a6dc-f302bf88b1b8)
remove Policy Microsoft Managed Control 1236 - Software Usage Restrictions (9ba3ed84-c768-4e18-b87c-34ef1aff1b57)
remove Policy Microsoft Managed Control 1222 - Information System Component Inventory (fb39e62f-6bda-4558-8088-ec03d5670914)
remove Policy Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management (6d8d492c-dd7a-46f7-a723-fa66a425b87c)
remove Policy Microsoft Managed Control 1563 - Allocation Of Resources (9afe2edf-232c-4fdf-8e6a-e867a5c525fd)
remove Policy Microsoft Managed Control 1463 - Monitoring Physical Access (59721f87-ae25-4db0-a2a4-77cc5b25d495)
remove Policy Microsoft Managed Control 1179 - Baseline Configuration | Reviews And Updates (3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c)
remove Policy Microsoft Managed Control 1207 - Access Restrictions For Change | Limit Production / Operational Privileges (8713a0ed-0d1e-4d10-be82-83dffb39830e)
remove Policy Microsoft Managed Control 1448 - Physical Access Authorizations (825d6494-e583-42f2-a3f2-6458e6f0004f)
remove Policy Microsoft Managed Control 1504 - Information Security Architecture (9e7c35d0-12d4-4e0c-80a2-8a352537aefd)
remove Policy Microsoft Managed Control 1383 - Incident Response Plan (d4558451-e16a-4d2d-a066-fe12a6282bb9)
remove Policy Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection (03b78f5e-4877-4303-b0f4-eb6583f25768)
remove Policy Microsoft Managed Control 1246 - Contingency Plan (398eb61e-8111-40d5-a0c9-003df28f1753)
remove Policy Microsoft Managed Control 1512 - Personnel Screening (5a8324ad-f599-429b-aaed-f9c6e8c987a8)
remove Policy Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations (21839937-d241-4fa5-95c6-b669253d9ab9)
remove Policy Microsoft Managed Control 1398 - Controlled Maintenance (443e8f3d-b51a-45d8-95a7-18b0e42f4dc4)
remove Policy Microsoft Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate Access (7741669e-d4f6-485a-83cb-e70ce7cbbc20)
remove Policy Microsoft Managed Control 1356 - Incident Response Training | Simulated Events (8829f8f5-e8be-441e-85c9-85b72a5d0ef3)
remove Policy Microsoft Managed Control 1071 - Wireless Access Restrictions | Restrict Configurations By Users (1a437f5b-9ad6-4f28-8861-de404d511ae4)
remove Policy Microsoft Managed Control 1421 - Maintenance Personnel (e539caaa-da8c-41b8-9e1e-449851e2f7a6)
remove Policy Microsoft Managed Control 1170 - Penetration Testing (8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12)
remove Policy Microsoft Managed Control 1078 - Use Of External Information Systems | Limits On Authorized Use (b25faf85-8a16-4f28-8e15-d05c0072d64d)
remove Policy Microsoft Managed Control 1010 - Account Management (784663a8-1eb0-418a-a98c-24d19bc1bb62)
remove Policy Microsoft Managed Control 1107 - Content Of Audit Records (b29ed931-8e21-4779-8458-27916122a904)
remove Policy Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing (f9012d14-e3e6-4d7b-b926-9f37b5537066)
remove Policy Microsoft Managed Control 1529 - Third-Party Personnel Security (d74fdc92-1cb8-4a34-9978-8556425cd14c)
remove Policy Microsoft Managed Control 1244 - Contingency Plan (6a13a8f8-c163-4b1b-8554-d63569dab937)
remove Policy Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates (12623e7e-4736-4b2e-b776-c1600f35f93a)
remove Policy Microsoft Managed Control 1186 - Configuration Change Control (b95ba3bd-4ded-49ea-9d10-c6f4b680813d)
remove Policy Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management | Availability (a7211477-c970-446b-b4af-062f37461147)
remove Policy Microsoft Managed Control 1070 - Wireless Access Restrictions | Disable Wireless Networking (68f837d0-8942-4b1e-9b31-be78b247bda8)
remove Policy Microsoft Managed Control 1261 - Contingency Plan Testing (65aeceb5-a59c-4cb1-8d82-9c474be5d431)
remove Policy Microsoft Managed Control 1144 - Security Assessments (2fa15ff1-a693-4ee4-b094-324818dc9a51)
remove Policy Microsoft Managed Control 1345 - Cryptographic Module Authentication (f86aa129-7c07-4aa4-bbf5-792d93ffd9ea)
remove Policy Microsoft Managed Control 1358 - Incident Response Testing (effbaeef-5bf4-400d-895e-ef8cbc0e64c7)
remove Policy Microsoft Managed Control 1096 - Role-Based Security Training | Practical Exercises (420c1477-aa43-49d0-bd7e-c4abdd9addff)
remove Policy Microsoft Managed Control 1483 - Water Damage Protection (5cb81060-3c8a-4968-bcdc-395a1801f6c1)
remove Policy Microsoft Managed Control 1138 - Audit Generation (9c284fc0-268a-4f29-af44-3c126674edb4)
remove Policy Microsoft Managed Control 1595 - Developer Configuration Management (1e0414e7-6ef5-4182-8076-aa82fbb53341)
remove Policy Microsoft Managed Control 1618 - Security Function Isolation (f52f89aa-4489-4ec4-950e-8c96a036baa9)
remove Policy Microsoft Managed Control 1157 - Plan Of Action And Milestones (15495367-cf68-464c-bbc3-f53ca5227b7a)
remove Policy Microsoft Managed Control 1467 - Visitor Access Records (5350cbf9-8bdd-4904-b22a-e88be84ca49d)
remove Policy Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures (7327b708-f0e0-457d-9d2a-527fcc9c9a65)
remove Policy Microsoft Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote Devices (4ce9073a-77fa-48f0-96b1-87aa8e6091c2)
remove Policy Microsoft Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert Exfiltration (f9873db2-18ad-46b3-a11a-1a1f8cbf0335)
remove Policy Microsoft Managed Control 1436 - Media Transport (28aab8b4-74fd-4b7c-9080-5a7be525d574)
remove Policy Microsoft Managed Control 1720 - Spam Protection (44b9a7cd-f36a-491a-a48b-6d04ae7c4221)
remove Policy Microsoft Managed Control 1457 - Physical Access Control (f2d9d3e6-8886-4305-865d-639163e5c305)
remove Policy Microsoft Managed Control 1417 - Remote Maintenance | Comparable Security / Sanitization (7522ed84-70d5-4181-afc0-21e50b1b6d0e)
remove Policy Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures (b19454ca-0d70-42c0-acf5-ea1c1e5726d1)
remove Policy Microsoft Managed Control 1419 - Remote Maintenance | Cryptographic Protection (b6747bf9-2b97-45b8-b162-3c8becb9937d)
remove Policy Microsoft Managed Control 1240 - User-Installed Software (129eb39f-d79a-4503-84cd-92f036b5e429)
remove Policy Microsoft Managed Control 1539 - Security Categorization (aabb155f-e7a5-4896-a767-e918bfae2ee0)
remove Policy Microsoft Managed Control 1608 - Supply Chain Protection (b73b7b3b-677c-4a2a-b949-ad4dc4acd89f)
remove Policy Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content (7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec)
remove Policy Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication (382016f3-d4ba-4e15-9716-55077ec4dc2a)
remove Policy Microsoft Managed Control 1589 - External Information System Services | Risk Assessments / Organizational Approvals (86ec7f9b-9478-40ff-8cfd-6a0d510081a8)
remove Policy Microsoft Managed Control 1018 - Account Management | Role-Based Schemes (c9121abf-e698-4ee9-b1cf-71ee528ff07f)
remove Policy Microsoft Managed Control 1517 - Personnel Termination (8f5ad423-50d6-4617-b058-69908f5586c9)
remove Policy Microsoft Managed Control 1609 - Development Process, Standards, And Tools (9e93fa71-42ac-41a7-b177-efbfdc53c69f)
remove Policy Microsoft Managed Control 1344 - Authenticator Feedback (2c895fe7-2d8e-43a2-838c-3a533a5b355e)
remove Policy Microsoft Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes (81f11e32-a293-4a58-82cd-134af52e2318)
remove Policy Microsoft Managed Control 1153 - System Interconnections (61cf3125-142c-4754-8a16-41ab4d529635)
remove Policy Microsoft Managed Control 1054 - Session Termination (5807e1b4-ba5e-4718-8689-a0ca05a191b2)
remove Policy Microsoft Managed Control 1594 - Developer Configuration Management (042ba2a1-8bb8-45f4-b080-c78cf62b90e9)
remove Policy Microsoft Managed Control 1349 - Identification And Authentication (Non-Organizational Users) | Use Of Ficam-Approved Products (17641f70-94cd-4a5d-a613-3d1143e20e34)
remove Policy Microsoft Managed Control 1195 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (d1e1d65c-1013-4484-bd54-991332e6a0d2)
remove Policy Microsoft Managed Control 1505 - Information Security Architecture (813a10a7-3943-4fe3-8678-00dc52db5490)
remove Policy Microsoft Managed Control 1434 - Media Transport (2c18f06b-a68d-41c3-8863-b8cd3acb5f8f)
remove Policy Microsoft Managed Control 1492 - System Security Plan (7ad5f307-e045-46f7-8214-5bdb7e973737)
remove Policy Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication (78255758-6d45-4bf0-a005-7016bc03b13c)
remove Policy Microsoft Managed Control 1069 - Wireless Access Restrictions | Authentication And Encryption (91c97b44-791e-46e9-bad7-ab7c4949edbb)
remove Policy Microsoft Managed Control 1575 - Acquisitions Process | Functional Properties Of Security Controls (93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41)
remove Policy Microsoft Managed Control 1405 - Maintenance Tools | Inspect Tools (fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b)
remove Policy Microsoft Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals (bf296b8c-f391-4ea4-9198-be3c9d39dd1f)
remove Policy Microsoft Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal (a2596a9f-e59f-420d-9625-6e0b536348be)
remove Policy Microsoft Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities (57149289-d52b-4f40-9fe6-5233c1ef80f7)
remove Policy Microsoft Managed Control 1540 - Security Categorization (f771f8cb-6642-45cc-9a15-8a41cd5c6977)
remove Policy Microsoft Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source) (1cb067d5-c8b5-4113-a7ee-0a493633924b)
remove Policy Microsoft Managed Control 1039 - Least Privilege | Review Of User Privileges (3a7b9de4-a8a2-4672-914d-c5f6752aa7f9)
remove Policy Microsoft Managed Control 1007 - Account Management (17200329-bf6c-46d8-ac6d-abf4641c2add)
remove Policy Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services (fd73310d-76fc-422d-bda4-3a077149f179)
remove Policy Microsoft Managed Control 1591 - External Information System Services | Identification Of Functions / Ports / Protocols... (f751cdb7-fbee-406b-969b-815d367cb9b3)
remove Policy Microsoft Managed Control 1665 - Process Isolation (5df3a55c-8456-44d4-941e-175f79332512)
remove Policy Microsoft Managed Control 1250 - Contingency Plan (8de614d8-a8b7-4f70-a62a-6d37089a002c)
remove Policy Microsoft Managed Control 1249 - Contingency Plan (d3bf4251-0818-42db-950b-afd5b25a51c2)
remove Policy Microsoft Managed Control 1550 - Vulnerability Scanning (902908fb-25a8-4225-a3a5-5603c80066c9)
remove Policy Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information (10984b4e-c93e-48d7-bf20-9c03b04e9eca)
remove Policy Microsoft Managed Control 1260 - Contingency Training | Simulated Events (42254fc4-2738-4128-9613-72aaa4f0d9c3)
remove Policy Microsoft Managed Control 1691 - Information System Monitoring | Automated Tools For Real-Time Analysis (71475fb4-49bd-450b-a1a5-f63894c24725)
remove Policy Microsoft Managed Control 1159 - Security Authorization (0925f098-7877-450b-8ba4-d1e55f2d8795)
remove Policy Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions (9a16d673-8cf0-4dcf-b1d5-9b3e114fef71)
remove Policy Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs (36fbe499-f2f2-41b6-880e-52d7ea1d94a5)
remove Policy Microsoft Managed Control 1320 - Authenticator Management (6f54c732-71d4-4f93-a696-4e373eca3a77)
remove Policy Microsoft Managed Control 1401 - Controlled Maintenance (b78ee928-e3c1-4569-ad97-9f8c4b629847)
remove Policy Microsoft Managed Control 1602 - Developer Security Testing And Evaluation (ddae2e97-a449-499f-a1c8-aea4a7e52ec9)
remove Policy Microsoft Managed Control 1493 - System Security Plan (22b469b3-fccf-42da-aa3b-a28e6fb113ce)
remove Policy Microsoft Managed Control 1566 - System Development Life Cycle (50ad3724-e2ac-4716-afcc-d8eabd97adb9)
remove Policy Microsoft Managed Control 1724 - Error Handling (d07594d1-0307-4c08-94db-5d71ff31f0f6)
remove Policy Microsoft Managed Control 1470 - Emergency Shutoff (c89ba09f-2e0f-44d0-8095-65b05bd151ef)
remove Policy Microsoft Managed Control 1156 - Plan Of Action And Milestones (4d52e864-9a3b-41ee-8f03-520815fe5378)
remove Policy Microsoft Managed Control 1404 - Maintenance Tools (13d8f903-0cd6-449f-a172-50f6579c182b)
remove Policy Microsoft Managed Control 1459 - Access Control For Transmission Medium (75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0)
remove Policy Microsoft Managed Control 1329 - Authenticator Management | Password-Based Authentication (498f6234-3e20-4b6a-a880-cbd646d973bd)
remove Policy Microsoft Managed Control 1490 - Security Planning Policy And Procedures (9e61da80-0957-4892-b70c-609d5eaafb6b)
remove Policy Microsoft Managed Control 1004 - Account Management (c17822dc-736f-4eb4-a97d-e6be662ff835)
remove Policy Microsoft Managed Control 1501 - Rules Of Behavior (88817b58-8472-4f6c-81fa-58ce42b67f51)
remove Policy Microsoft Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions (93e9e233-dd0a-4bde-aea5-1371bce0e002)
remove Policy Microsoft Managed Control 1017 - Account Management | Inactivity Logout (0fc3db37-e59a-48c1-84e9-1780cedb409e)
remove Policy Microsoft Managed Control 1585 - Security Engineering Principles (d57f8732-5cdc-4cda-8d27-ab148e1f3a55)
remove Policy Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts (34cb7e92-fe4c-4826-b51e-8cd203fa5d35)
remove Policy Microsoft Managed Control 1189 - Configuration Change Control (ee45e02a-4140-416c-82c4-fecfea660b9d)
remove Policy Microsoft Managed Control 1202 - Access Restrictions For Change (40a2a83b-74f2-4c02-ae65-f460a5d2792a)
remove Policy Microsoft Managed Control 1274 - Alternate Processing Site (2aee175f-cd16-4825-939a-a85349d96210)
remove Policy Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations (eca4d7b2-65e2-4e04-95d4-c68606b063c3)
remove Policy Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning (a328fd72-8ff5-4f96-8c9c-b30ed95db4ab)
remove Policy Microsoft Managed Control 1124 - Audit Reduction And Report Generation (c10152dd-78f8-4335-ae2d-ad92cc028da4)
remove Policy Microsoft Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions (e901375c-8f01-4ac8-9183-d5312f47fe63)
remove Policy Microsoft Managed Control 1067 - Wireless Access Restrictions (5c5e54f6-0127-44d0-8b61-f31dc8dd6190)
remove Policy Microsoft Managed Control 1639 - Boundary Protection | Isolation Of Information System Components (78e8e649-50f6-4fe3-99ac-fedc2e63b03f)
remove Policy Microsoft Managed Control 1471 - Emergency Shutoff (7dd0e9ce-1772-41fb-a50a-99977071f916)
remove Policy Microsoft Managed Control 1011 - Account Management (7e6a54f3-883f-43d5-87c4-172dfd64a1f5)
remove Policy Microsoft Managed Control 1150 - Security Assessments | External Organizations (d630429d-e763-40b1-8fba-d20ba7314afb)
remove Policy Microsoft Managed Control 1478 - Fire Protection | Suppression Devices / Systems (f997df46-cfbb-4cc8-aac8-3fecdaf6a183)
remove Policy Microsoft Managed Control 1685 - Information System Monitoring (36b0ef30-366f-4b1b-8652-a3511df11f53)
remove Policy Microsoft Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal (c5f56ac6-4bb2-4086-bc41-ad76344ba2c2)
remove Policy Microsoft Managed Control 1642 - Network Disconnect (53397227-5ee3-4b23-9e5e-c8a767ce6928)
remove Policy Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site (3b4a3eb2-c25d-40bf-ad41-5094b6f59cee)
remove Policy Microsoft Managed Control 1263 - Contingency Plan Testing (41472613-3b05-49f6-8fe8-525af113ce17)
remove Policy Microsoft Managed Control 1437 - Media Transport | Cryptographic Protection (6d1eb6ed-bf13-4046-b993-b9e2aef0f76c)
remove Policy Microsoft Managed Control 1279 - Telecommunications Services (7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0)
remove Policy Microsoft Managed Control 1299 - Identification And Authentication Policy And Procedures (fd4e54f7-9ab0-4bae-b6cc-457809948a89)
remove Policy Microsoft Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing (7f37f71b-420f-49bf-9477-9c0196974ecf)
remove Policy Microsoft Managed Control 1166 - Continuous Monitoring (bb02733d-3cc5-4bb0-a6cd-695ba2c2272e)
remove Policy Microsoft Managed Control 1630 - Boundary Protection | External Telecommunications Services (3643717a-3897-4bfd-8530-c7c96b26b2a0)
remove Policy Microsoft Managed Control 1384 - Information Spillage Response (79fbc228-461c-4a45-9004-a865ca0728a7)
remove Policy Microsoft Managed Control 1387 - Information Spillage Response (e3007185-3857-43a9-8237-06ca94f1084c)
remove Policy Microsoft Managed Control 1174 - Configuration Management Policy And Procedures (42a9a714-8fbb-43ac-b115-ea12d2bd652f)
remove Policy Microsoft Managed Control 1663 - Protection Of Information At Rest (60171210-6dde-40af-a144-bf2670518bfa)
remove Policy Microsoft Managed Control 1455 - Physical Access Control (068a88d4-e520-434e-baf0-9005a8164e6a)
remove Policy Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability (5bbda922-0172-4095-89e6-5b4a0bf03af7)
remove Policy Microsoft Managed Control 1198 - Configuration Change Control | Security Representative (f56be5c3-660b-4c61-9078-f67cf072c356)
remove Policy Microsoft Managed Control 1191 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (7f26a61b-a74d-467c-99cf-63644db144f7)
remove Policy Microsoft Managed Control 1351 - Incident Response Policy And Procedures (bcfb6683-05e5-4ce6-9723-c3fbe9896bdd)
remove Policy Microsoft Managed Control 1712 - Software & Information Integrity (44e543aa-41db-42aa-98eb-8a5eb1db53f0)
remove Policy Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures (bf6850fe-abba-468e-9ef4-d09ec7d983cd)
remove Policy Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures (1d50f99d-1356-49c0-934a-45f742ba7783)
remove Policy Microsoft Managed Control 1305 - User Identification And Authentication | Group Authentication (9d9166a8-1722-4b8f-847c-2cf3f2618b3d)
remove Policy Microsoft Managed Control 1610 - Development Process, Standards, And Tools (b9f3fb54-4222-46a1-a308-4874061f8491)
remove Policy Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication (77f56280-e367-432a-a3b9-8ca2aa636a26)
remove Policy Microsoft Managed Control 1612 - Developer Security Architecture And Design (a2037b3d-8b04-4171-8610-e6d4f1d08db5)
remove Policy Microsoft Managed Control 1022 - Account Management | Shared / Group Account Credential Termination (411f7e2d-9a0b-4627-a0b9-1700432db47d)
remove Policy Microsoft Managed Control 1379 - Incident Response Plan (9442dd2c-a07f-46cd-b55a-553b66ba47ca)
remove Policy Microsoft Managed Control 1065 - Remote Access | Privileged Commands / Access (f87b8085-dca9-4cf1-8f7b-9822b997797c)
remove Policy Microsoft Managed Control 1541 - Risk Assessment (70f6af82-7be6-44aa-9b15-8b9231b2e434)
remove Policy Microsoft Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions (319dc4f0-0fed-4ac9-8fc3-7aeddee82c07)
remove Policy Microsoft Managed Control 1173 - Internal System Connections (c4aff9e7-2e60-46fa-86be-506b79033fc5)
remove Policy Microsoft Managed Control 1573 - Acquisitions Process (58c93053-7b98-4cf0-b99f-1beb985416c2)
remove Policy Microsoft Managed Control 1087 - Security Awareness And Training Policy And Procedures (100c82ba-42e9-4d44-a2ba-94b209248583)
remove Policy Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges (e0de232d-02a0-4652-872d-88afb4ae5e91)
remove Policy Microsoft Managed Control 1210 - Configuration Settings (3502c968-c490-4570-8167-1476f955e9b8)
remove Policy Microsoft Managed Control 1234 - Software Usage Restrictions (b293f881-361c-47ed-b997-bc4e2296bc0b)
remove Policy Microsoft Managed Control 1447 - Physical Access Authorizations (b9783a99-98fe-4a95-873f-29613309fe9a)
remove Policy Microsoft Managed Control 1510 - Position Categorization (79da5b09-0e7e-499e-adda-141b069c7998)
remove Policy Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection (13fcf812-ec82-4eda-9b89-498de9efd620)
remove Policy Microsoft Managed Control 1105 - Audit Events (5b73f57b-587d-4470-a344-0b0ae805f459)
remove Policy Microsoft Managed Control 1546 - Vulnerability Scanning (2ce1ea7e-4038-4e53-82f4-63e8859333c1)
remove Policy Microsoft Managed Control 1475 - Emergency Lighting (34a63848-30cf-4081-937e-ce1a1c885501)
remove Policy Microsoft Managed Control 1509 - Position Categorization (70792197-9bfc-4813-905a-bd33993e327f)
2022-09-21 16:34:39 Description change: 'This initiative includes policies that address a subset of NIST SP 800-53 Rev. 4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative.' to 'National Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk.These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative'
2022-08-18 16:32:47 Version change: '16.0.0' to '16.0.1'
2022-07-07 16:32:14 Version change: '15.0.0' to '16.0.0'
remove Policy [Deprecated]: Ensure that 'Java version' is the latest, if used as a part of the API app (88999f4c-376a-45c8-bcb3-4058f713cf39)
remove Policy [Deprecated]: CORS should not allow every resource to access your API App (358c20a6-3f9e-4f0e-97ff-c6ce485e2aac)
remove Policy [Deprecated]: API apps should have 'Client Certificates (Incoming client certificates)' enabled (0c192fe8-9cbb-4516-85b3-0ade8bd03886)
remove Policy [Deprecated]: Managed identity should be used in your API App (c4d441f8-f9d9-4a9e-9cef-e82117cb3eef)
remove Policy [Deprecated]: Remote debugging should be turned off for API Apps (e9c8d085-d9cc-4b17-9cdc-059f1f01f19e)
remove Policy [Deprecated]: Ensure that 'PHP version' is the latest, if used as a part of the API app (1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba)
remove Policy [Deprecated]: Ensure that 'HTTP Version' is the latest, if used to run the API app (991310cd-e9f3-47bc-b7b6-f57b557d07db)
remove Policy [Deprecated]: API apps that use Python should use the latest 'Python version' (74c3584d-afae-46f7-a20a-6f8adba71a16)
remove Policy [Deprecated]: FTPS only should be required in your API App (9a1b8c48-453a-4044-86c3-d8bfd823e4f5)
remove Policy [Deprecated]: Latest TLS version should be used in your API App (8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e)
2022-06-10 16:31:22 Version change: '14.0.0' to '15.0.0'
remove Policy [Deprecated]: API App should only be accessible over HTTPS (b7ddfbdc-1260-477d-91fd-98bd9be789a6)
2022-05-26 16:30:17 add Policy Azure SignalR Service should use private link (2393d2cf-a342-44cd-a2e2-fe0188fd1234)
add Policy Azure Web PubSub Service should use private link (eb907f70-7514-460d-92b3-a5ae93b4f917)
Version change: '12.0.0' to '14.0.0'
remove Policy [Deprecated]: Azure Cache for Redis should reside within a virtual network (7d092e0a-7acd-40d2-a975-dca21cae48c4)
remove Policy [Deprecated]: Azure Web PubSub Service should use private link (52630df9-ca7e-442b-853b-c6ce548b31a2)
remove Policy [Deprecated]: Azure SignalR Service should use private link (53503636-bcc9-4748-9663-5348217f160f)
2022-05-12 16:30:30 Version change: '11.0.0' to '12.0.0'
remove Policy [Deprecated]: Service principals should be used to protect your subscriptions instead of management certificates (6646a0bd-e110-40ca-bb97-84fcee63c414)
2022-03-18 16:32:42 Version change: '10.0.0' to '11.0.0'
2021-07-08 14:19:52 add Policy Kubernetes cluster containers should not share host process ID or host IPC namespace (47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8)
add Policy Azure HDInsight clusters should use encryption at host to encrypt data at rest (1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6)
add Policy Azure Data Explorer encryption at rest should use a customer-managed key (81e74cea-30fd-40d5-802f-d72103c2aaaa)
add Policy IP Forwarding on your virtual machine should be disabled (bd352bd5-2853-4985-bf0d-73806b4a5744)
add Policy [Deprecated]: Azure Defender for Kubernetes should be enabled (523b5cd1-3e23-492f-a539-13118b6d1e3a)
add Policy Windows machines should meet requirements of the Azure compute security baseline (72650e9f-97bc-4b2a-ab5f-9781a9fcecbc)
add Policy Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes (d9da03a1-f3c3-412a-9709-947156872263)
add Policy Bot Service should be encrypted with a customer-managed key (51522a96-0869-4791-82f3-981000c2c67f)
add Policy Azure Cognitive Search service should use a SKU that supports private link (a049bf77-880b-470f-ba6d-9f21c530cf83)
add Policy Kubernetes cluster pod hostPath volumes should only use allowed host paths (098fc59e-46c7-4d99-9b16-64990e543d75)
add Policy Azure Synapse workspaces should use private link (72d11df1-dd8a-41f7-8925-b05b960ebafc)
add Policy Resource logs in Key Vault should be enabled (cf820ca0-f99e-4f3e-84fb-66e913812d21)
add Policy Azure Service Bus namespaces should use private link (1c06e275-d63d-4540-b761-71f364c2111d)
add Policy Vulnerability assessment should be enabled on your Synapse workspaces (0049a6b3-a662-4f3e-8635-39cf44ace45a)
add Policy Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption (fa298e57-9444-42ba-bf04-86e8470e32c7)
add Policy Azure API for FHIR should use private link (1ee56206-5dd1-42ab-b02d-8aae8b1634ce)
add Policy Resource logs in Search services should be enabled (b4330a05-a843-4bc8-bf9a-cacce50c67f4)
add Policy Private endpoint should be enabled for MySQL servers (7595c971-233d-4bcf-bd18-596129188c49)
add Policy Kubernetes clusters should not allow container privilege escalation (1c6e92c9-99f0-4e55-9cf2-0c234dc48f99)
add Policy Role-Based Access Control (RBAC) should be used on Kubernetes Services (ac4a19c2-fa67-49b4-8ae5-0b2e78c49457)
add Policy [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data (2e94d99a-8a36-4563-bc77-810d8893b671)
add Policy Azure data factories should be encrypted with a customer-managed key (4ec52d6d-beb7-40c4-9a9e-fe753254690e)
add Policy Cognitive Services accounts should enable data encryption with a customer-managed key (67121cc7-ff39-4ab8-b7e3-95b84dab487d)
add Policy App Service apps should require FTPS only (4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b)
add Policy SQL servers on machines should have vulnerability findings resolved (6ba6d016-e7c3-4842-b8f2-4992ebc0d72d)
add Policy Private endpoint should be enabled for MariaDB servers (0a1302fb-a631-4106-9753-f3d494733990)
add Policy App Service apps that use PHP should use the latest 'PHP version' (7261b898-8a84-4db8-9e04-18527132abb3)
add Policy Vulnerability assessment should be enabled on your SQL servers (ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9)
add Policy Azure Container Instance container group should use customer-managed key for encryption (0aa61e00-0a01-4a3c-9945-e93cffedf0e6)
add Policy Geo-redundant storage should be enabled for Storage Accounts (bf045164-79ba-4215-8f95-f8048dc1780b)
add Policy Container registry images should have vulnerability findings resolved (5f0f936f-2f01-4bf5-b6be-d423792fa562)
add Policy Geo-redundant backup should be enabled for Azure Database for MySQL (82339799-d096-41ae-8538-b108becf0970)
add Policy Public network access should be disabled for MariaDB servers (fdccbe47-f3e3-4213-ad5d-ea459b2fa077)
add Policy Function apps should use latest 'HTTP Version' (e2c1c086-2d84-4019-bff3-c44ccd95113c)
add Policy API Management services should use a virtual network (ef619a2c-cc4d-4d03-b2ba-8c94a834d85b)
add Policy Kubernetes cluster containers should run with a read only root file system (df49d893-a74c-421d-bc95-c663042e5b80)
add Policy Function apps that use Python should use the latest 'Python version' (7238174a-fd10-4ef0-817e-fc820a951d73)
add Policy Container registries should be encrypted with a customer-managed key (5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580)
add Policy SQL servers with auditing to storage account destination should be configured with 90 days retention or higher (89099bee-89e0-4b26-a5f4-165451757743)
add Policy Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys (7d7be79c-23ba-4033-84dd-45e2a5ccdd67)
add Policy Resource logs in Data Lake Analytics should be enabled (c95c74d9-38fe-4f0d-af86-0c7d626a315c)
add Policy Management ports should be closed on your virtual machines (22730e10-96f6-4aac-ad84-9383d35b5917)
add Policy [Deprecated]: Managed identity should be used in your API App (c4d441f8-f9d9-4a9e-9cef-e82117cb3eef)
add Policy CosmosDB accounts should use private link (58440f8a-10c5-4151-bdce-dfbaad4a20b7)
add Policy Kubernetes cluster containers should only use allowed images (febd0533-8e55-448f-b837-bd0e06f16469)
add Policy Resource logs in Service Bus should be enabled (f8d36e2f-389b-4ee4-898d-21aeb69a0f45)
add Policy Double encryption should be enabled on Azure Data Explorer (ec068d99-e9c7-401f-8cef-5bdde4e6ccf1)
add Policy Resource logs in Logic Apps should be enabled (34f95f76-5386-4de7-b824-0d8478470c9d)
add Policy Function apps should not have CORS configured to allow every resource to access your apps (0820b7b9-23aa-4725-a1ce-ae4558f718e5)
add Policy Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring (a3a6ea0c-e018-4933-9ef0-5aaa1501449b)
add Policy Cognitive Services accounts should restrict network access (037eea7a-bd0a-46c5-9a66-03aea78705d3)
add Policy [Deprecated]: Ensure that 'PHP version' is the latest, if used as a part of the API app (1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba)
add Policy Private endpoint should be enabled for PostgreSQL servers (0564d078-92f5-4f97-8398-b9f58a51f70b)
add Policy Kubernetes clusters should be accessible only over HTTPS (1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d)
add Policy Non-internet-facing virtual machines should be protected with network security groups (bb91dfba-c30d-4263-9add-9c2384e659a6)
add Policy [Deprecated]: Service principals should be used to protect your subscriptions instead of management certificates (6646a0bd-e110-40ca-bb97-84fcee63c414)
add Policy Azure API for FHIR should use a customer-managed key to encrypt data at rest (051cba44-2429-45b9-9649-46cec11c7119)
add Policy Disk encryption should be enabled on Azure Data Explorer (f4b53539-8df9-40e4-86c6-6b607703bd4e)
add Policy [Deprecated]: Azure Defender for container registries should be enabled (c25d9a16-bc35-4e15-a7e5-9db606bf9ed4)
add Policy App Service apps that use Java should use the latest 'Java version' (496223c3-ad65-4ecd-878a-bae78737e9ed)
add Policy Azure Event Grid domains should use private link (9830b652-8523-49cc-b1b3-e17dce1127ca)
add Policy Kubernetes cluster services should listen only on allowed ports (233a2a17-77ca-4fb1-9b6b-69223d272a44)
add Policy Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) (ea0dfaed-95fb-448c-934e-d6e713ce393d)
add Policy Resource logs in Azure Stream Analytics should be enabled (f9be5368-9bf5-4b84-9e0a-7850da98bb46)
add Policy Key vaults should have purge protection enabled (0b60c0b2-2dc2-4e1c-b5c9-abbed971de53)
add Policy Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest (1f905d99-2ab7-462c-a6b0-f709acca6c8f)
add Policy Automation account variables should be encrypted (3657f5a0-770e-44a3-b44e-9431ba1e9735)
add Policy Private endpoint connections on Azure SQL Database should be enabled (7698e800-9299-47a6-b3b6-5a0fee576eed)
add Policy Key Vault keys should have an expiration date (152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0)
add Policy Auto provisioning of the Log Analytics agent should be enabled on your subscription (475aae12-b88a-4572-8b36-9b712b2b3a17)
add Policy Storage accounts should have infrastructure encryption (4733ea7b-a883-42fe-8cac-97454c2a9e4a)
add Policy [Deprecated]: Azure Machine Learning workspaces should use private link (40cec1dd-a100-4920-b15b-3024fe8901ab)
add Policy [Deprecated]: Ensure that 'Java version' is the latest, if used as a part of the API app (88999f4c-376a-45c8-bcb3-4058f713cf39)
add Policy Event Hub namespaces should use private link (b8564268-eb4a-4337-89be-a19db070c59d)
add Policy Container registries should not allow unrestricted network access (d0793b48-0edc-4296-a390-4c75d1bdfd71)
add Policy Azure Batch account should use customer-managed keys to encrypt data (99e9ccd8-3db9-4592-b0d1-14b1715a4d8a)
add Policy Vulnerability assessment should be enabled on SQL Managed Instance (1b7aa243-30e4-4c9e-bca8-d0d3022b634a)
add Policy MySQL servers should use customer-managed keys to encrypt data at rest (83cef61d-dbd1-4b20-a4fc-5fbc7da10833)
add Policy Kubernetes cluster should not allow privileged containers (95edb821-ddaf-4404-9732-666045e056b4)
add Policy [Deprecated]: FTPS only should be required in your API App (9a1b8c48-453a-4044-86c3-d8bfd823e4f5)
add Policy Azure Defender for Storage should be enabled (308fbb08-4ab8-4e67-9b29-592e93fb94fa)
add Policy Guest Configuration extension should be installed on your machines (ae89ebca-1c92-4898-ac2c-9f63decb045c)
add Policy [Deprecated]: Private endpoint should be configured for Key Vault (5f0bc445-3935-4915-9981-011aa2b46147)
add Policy Kubernetes cluster pods should only use approved host network and port range (82985f06-dc18-4a48-bc1c-b9f4f0098cfe)
add Policy Resource logs in Batch accounts should be enabled (428256e6-1fac-4f48-a757-df34c2b3336d)
add Policy Azure HDInsight clusters should use customer-managed keys to encrypt data at rest (64d314f6-6062-4780-a861-c23e8951bee5)
add Policy Azure Data Box jobs should enable double encryption for data at rest on the device (c349d81b-9985-44ae-a8da-ff98d108ede8)
add Policy Geo-redundant backup should be enabled for Azure Database for MariaDB (0ec47710-77ff-4a3d-9181-6aa50af424d0)
add Policy Virtual machines and virtual machine scale sets should have encryption at host enabled (fc4d8e41-e223-45ea-9bf5-eada37891d87)
add Policy [Preview]: Network traffic data collection agent should be installed on Linux virtual machines (04c4380f-3fae-46e8-96c9-30193528f602)
add Policy Function apps should use the latest TLS version (f9d614c5-c173-4d56-95a7-b4437057d193)
add Policy Key Vault secrets should have an expiration date (98728c90-32c7-4049-8429-847dc0f4fe37)
add Policy Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring (a4fe33eb-e377-4efb-ab31-0784311bc499)
add Policy Azure Cache for Redis should use private link (7803067c-7d34-46e3-8c79-0ca68fc4036d)
add Policy Storage accounts should use private link (6edd7eda-6dd8-40f7-810d-67160c639cd9)
add Policy HPC Cache accounts should use customer-managed key for encryption (970f84d8-71b6-4091-9979-ace7e3fb6dbb)
add Policy App Service apps should use managed identity (2b9ad585-36bc-4615-b300-fd4435808332)
add Policy Azure Defender for Azure SQL Database servers should be enabled (7fe3b40f-802b-4cdd-8bd4-fd799c948cc2)
add Policy Windows Defender Exploit Guard should be enabled on your machines (bed48b13-6647-468e-aa2f-1af1d3f4dd40)
add Policy [Deprecated]: API apps that use Python should use the latest 'Python version' (74c3584d-afae-46f7-a20a-6f8adba71a16)
add Policy Virtual machines should be migrated to new Azure Resource Manager resources (1d84d5fb-01f6-4d12-ba4f-4a26081d403d)
add Policy App Service apps that use Python should use the latest 'Python version' (7008174a-fd10-4ef0-817e-fc820a951d73)
add Policy Azure Event Grid topics should use private link (4b90e17e-8448-49db-875e-bd83fb6f804f)
add Policy Azure Cognitive Search services should use private link (0fda3595-9f2b-4592-8675-4231d6fa82fe)
add Policy [Preview]: All Internet traffic should be routed via your deployed Azure Firewall (fc5e4038-4584-4632-8c85-c0448d374b2c)
add Policy App Service Environment should have internal encryption enabled (fb74e86f-d351-4b8d-b034-93da7391c01f)
add Policy Subscriptions should have a contact email address for security issues (4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7)
add Policy Azure Machine Learning workspaces should be encrypted with a customer-managed key (ba769a63-b8cc-4b2d-abf6-ac33c7204be8)
add Policy Email notification for high severity alerts should be enabled (6e2593d9-add6-4083-9c9b-4b7d2188c899)
add Policy [Deprecated]: SQL managed instances should use customer-managed keys to encrypt data at rest (048248b0-55cd-46da-b1ff-39efd52db260)
add Policy Public network access should be disabled for MySQL servers (d9844e8a-1437-4aeb-a32c-0c992f056095)
add Policy Function apps should have 'Client Certificates (Incoming client certificates)' enabled (eaebaea7-8013-4ceb-9d14-7eb32271373c)
add Policy Geo-redundant backup should be enabled for Azure Database for PostgreSQL (48af4db5-9b8b-401c-8e74-076be876a430)
add Policy Authorized IP ranges should be defined on Kubernetes Services (0e246bcf-5f6f-4f87-bc6f-775d4712c7ea)
add Policy [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) (47031206-ce96-41f8-861b-6a915f3de284)
add Policy Azure Data Factory should use private link (8b0323be-cc25-4b61-935d-002c3798c6ea)
add Policy [Deprecated]: Ensure that 'HTTP Version' is the latest, if used to run the API app (991310cd-e9f3-47bc-b7b6-f57b557d07db)
add Policy [Deprecated]: Azure Cache for Redis should reside within a virtual network (7d092e0a-7acd-40d2-a975-dca21cae48c4)
add Policy Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits (e345eecc-fa47-480f-9e88-67dcc122b164)
add Policy [Deprecated]: Diagnostic logs in App Services should be enabled (b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0)
add Policy Event Hub namespaces should use a customer-managed key for encryption (a1ad735a-e96f-45d2-a7b2-9a4932cab7ec)
add Policy [Deprecated]: CORS should not allow every resource to access your API App (358c20a6-3f9e-4f0e-97ff-c6ce485e2aac)
add Policy Enforce SSL connection should be enabled for PostgreSQL database servers (d158790f-bfb0-486c-8631-2dc6b4e8e6af)
add Policy Infrastructure encryption should be enabled for Azure Database for MySQL servers (3a58212a-c829-4f13-9872-6371df2fd0b4)
add Policy [Deprecated]: Log Analytics agent health issues should be resolved on your machines (d62cfe2b-3ab0-4d41-980d-76803b58ca65)
add Policy Function apps should require FTPS only (399b2637-a50f-4f95-96f8-3a145476eb15)
add Policy Container registries should use private link (e8eef0a8-67cf-4eb4-9386-14b0e78733d4)
add Policy Email notification to subscription owner for high severity alerts should be enabled (0b15565f-aa9e-48ba-8619-45960f2c314d)
add Policy [Deprecated]: Kubernetes cluster containers should only listen on allowed ports (440b515e-a580-421e-abeb-b159a61ddcbc)
add Policy Key vaults should have soft delete enabled (1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d)
add Policy Managed disks should be double encrypted with both platform-managed and customer-managed keys (ca91455f-eace-4f96-be59-e6e2c35b4816)
add Policy OS and data disks should be encrypted with a customer-managed key (702dd420-7fcc-42c5-afe8-4026edd20fe0)
add Policy [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest (0d134df8-db83-46fb-ad72-fe0c9428c8dd)
add Policy [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines (842c54e8-c2f9-4d79-ae8d-38d8b8019373)
add Policy [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed (8dfab9c4-fe7b-49ad-85e4-1e9be085358f)
add Policy Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password (86efb160-8de7-451d-bc08-5d475b0aadae)
add Policy App Service apps should use the latest TLS version (f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b)
add Policy Storage accounts should use customer-managed key for encryption (6fac406b-40ca-413b-bf8e-0bf964659c25)
add Policy Allowlist rules in your adaptive application control policy should be updated (123a3936-f020-408a-ba0c-47873faf1534)
add Policy [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines (d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e)
add Policy Resource logs in Azure Data Lake Store should be enabled (057ef27e-665e-4328-8ea3-04b3122bd9fb)
add Policy Azure Defender for Resource Manager should be enabled (c3d20c29-b36d-48fe-808b-99a87530ad99)
add Policy Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host (41425d9f-d1a5-499a-9932-f8ed8453932c)
add Policy Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters (0a15ec92-a229-4763-bb14-0ea34a568f8d)
add Policy Public network access on Azure SQL Database should be disabled (1b8ca024-1d5c-4dec-8995-b1a932b41780)
add Policy Cognitive Services accounts should have local authentication methods disabled (71ef260a-8f18-47b7-abcb-62d0673d94dc)
add Policy Azure Synapse workspaces should use customer-managed keys to encrypt data at rest (f7d52b2d-e161-4dfa-a82b-55e564167385)
add Policy Azure Key Vault should have firewall enabled (55615ac9-af46-4a59-874e-391cc3dfb490)
add Policy [Deprecated]: Latest TLS version should be used in your API App (8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e)
add Policy Azure Automation accounts should use customer-managed keys to encrypt data at rest (56a5ee18-2ae6-4810-86f7-18e39ce5629b)
add Policy Function apps that use Java should use the latest 'Java version' (9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc)
add Policy Resource logs in Event Hub should be enabled (83a214f7-d01a-484b-91a9-ed54470c9a6a)
add Policy Kubernetes cluster containers should only use allowed capabilities (c26596ff-4d70-4e6a-9a30-c2506bd2f80c)
add Policy [Deprecated]: Sensitive data in your SQL databases should be classified (cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349)
add Policy Subnets should be associated with a Network Security Group (e71308d3-144b-4262-b144-efdc3cc90517)
add Policy Azure File Sync should use private link (1d320205-c6a1-4ac6-873d-46224024e8e2)
add Policy App Service apps should have 'Client Certificates (Incoming client certificates)' enabled (5bb220d9-2698-4ee4-8404-b9c30c9df609)
add Policy Enforce SSL connection should be enabled for MySQL database servers (e802a67a-daf5-4436-9ea6-f6d821dd0c5d)
add Policy Azure Defender for App Service should be enabled (2913021d-f2fd-4f3d-b958-22354e2bdbcb)
add Policy Azure Defender for DNS should be enabled (bdc59948-5574-49b3-bb91-76b7c986428d)
add Policy Azure Defender for SQL servers on machines should be enabled (6581d072-105e-4418-827f-bd446d56421b)
add Policy Azure Cosmos DB accounts should have firewall rules (862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb)
add Policy Public network access should be disabled for PostgreSQL servers (b52376f7-9612-48a1-81cd-1ffe4b61032c)
add Policy Azure Web Application Firewall should be enabled for Azure Front Door entry-points (055aa869-bc98-4af8-bafc-23f1ab6ffe2c)
add Policy Service Bus Premium namespaces should use a customer-managed key for encryption (295fc8b1-dc9f-4f53-9c61-3f313ceab40a)
add Policy App Configuration should use private link (ca610c1d-041c-4332-9d88-7ed3094967c7)
add Policy [Preview]: Network traffic data collection agent should be installed on Windows virtual machines (2f2ee1de-44aa-4762-b6bd-0893fc3f306d)
add Policy VM Image Builder templates should use private link (2154edb9-244f-4741-9970-660785bccdaa)
add Policy Kubernetes cluster containers should only use allowed AppArmor profiles (511f5417-5d12-434d-ab2e-816901e72a5e)
add Policy Web Application Firewall (WAF) should be enabled for Application Gateway (564feb30-bf6a-4854-b4bb-0d2d2d1e6c66)
add Policy Azure Stream Analytics jobs should use customer-managed keys to encrypt data (87ba29ef-1ab3-4d82-b763-87fcd4f531f7)
add Policy [Preview]: Storage account public access should be disallowed (4fa4b6c0-31ca-4c0d-b10d-24b96f62a751)
add Policy Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version (fb893a29-21bb-418c-a157-e99480ec364c)
add Policy Azure Monitor Logs clusters should be encrypted with customer-managed key (1f68a601-6e6d-4e42-babf-3f643a047ea2)
add Policy [Deprecated]: API apps should have 'Client Certificates (Incoming client certificates)' enabled (0c192fe8-9cbb-4516-85b3-0ade8bd03886)
add Policy Cognitive Services should use private link (cddd188c-4b82-4c48-a19d-ddf74ee66a01)
add Policy App Service apps should use latest 'HTTP Version' (8c122334-9d20-4eb8-89ea-ac9a705b74ae)
add Policy Azure Backup should be enabled for Virtual Machines (013e242c-8828-4970-87b3-ab247555486d)
add Policy Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity (d26f7642-7545-4e18-9b75-8c9bbdee3a9a)
add Policy Logic Apps Integration Service Environment should be encrypted with customer-managed keys (1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5)
add Policy Azure Defender for servers should be enabled (4da35fc9-c9e7-4960-aec9-797fe7d9051d)
add Policy Storage accounts should be migrated to new Azure Resource Manager resources (37e0d2fe-28a5-43d6-a273-67d37d1f5606)
add Policy Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign (617c02be-7f02-4efd-8836-3180d47b6c68)
add Policy [Preview]: Certificates should have the specified maximum validity period (0a075868-4c26-42ef-914c-5bc007359560)
add Policy Network Watcher should be enabled (b6e2945c-0b7b-40f5-9233-7a5323b5cdc6)
add Policy [Deprecated]: Azure SignalR Service should use private link (53503636-bcc9-4748-9663-5348217f160f)
add Policy Storage accounts should restrict network access using virtual network rules (2a1a9cdf-e04d-429a-8416-3bfb72a1b26f)
add Policy Function apps should use managed identity (0da106f2-4ca3-48e8-bc85-c638fe6aea8f)
add Policy Cognitive Services accounts should disable public network access (0725b4dd-7e76-479c-a735-68e7ee23d5ca)
add Policy Resource logs in IoT Hub should be enabled (383856f8-de7f-44a2-81fc-e5135b5c2aa4)
add Policy Long-term geo-redundant backup should be enabled for Azure SQL Databases (d38fc420-0735-4ef3-ac11-c806f651a570)
add Policy PostgreSQL servers should use customer-managed keys to encrypt data at rest (18adea5e-f416-4d0f-8aa8-d24321e3e274)
add Policy Linux machines should meet requirements for the Azure compute security baseline (fc9b3da7-8347-4380-8e70-0a0361d8dedd)
add Policy Authentication to Linux machines should require SSH keys (630c64f9-8b6b-4c64-b511-6544ceff6fd6)
add Policy Vulnerabilities in container security configurations should be remediated (e8cbc669-f12d-49eb-93e7-9273119e9933)
add Policy Azure Cognitive Search services should disable public network access (ee980b6d-0eca-4501-8d54-f6290fd512c3)
add Policy Azure Stack Edge devices should use double-encryption (b4ac1030-89c5-4697-8e00-28b5ba6a8811)
add Policy Storage account encryption scopes should use customer-managed keys to encrypt data at rest (b5ec538c-daa0-4006-8596-35468b9148e8)
add Policy Kubernetes cluster pods and containers should only run with approved user and group IDs (f06ddb64-5fa3-4b77-b166-acb36f7f6042)
add Policy IoT Hub device provisioning service instances should use private link (df39c015-56a4-45de-b4a3-efe77bed320d)
add Policy Azure Spring Cloud should use network injection (af35e2a4-ef96-44e7-a9ae-853dd97032c4)
add Policy Internet-facing virtual machines should be protected with network security groups (f6de0be7-9a8a-4b8a-b349-43cf02d22f7c)
add Policy Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers (24fba194-95d6-48c0-aea7-f65bf859c598)
add Policy [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled (7c1b1214-f927-48bf-8882-84f0af6588b1)
add Policy Disk access resources should use private link (f39f5f49-4abf-44de-8c70-0756997bfb51)
add Policy [Deprecated]: Azure Web PubSub Service should use private link (52630df9-ca7e-442b-853b-c6ce548b31a2)
add Policy Azure Defender for Key Vault should be enabled (0e6763cc-5078-4e64-889d-ff4d9a839047)
remove Policy [Preview]: Log Analytics Extension should be enabled for listed virtual machine images (32133ab0-ee4b-4b44-98d6-042180979d50)
remove Policy Audit Windows machines missing any of specified members in the Administrators group (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
remove Policy Audit diagnostic setting for selected resource types (7f89b1eb-583c-429a-8828-af049802c1d9)
remove Policy Audit Windows machines that have the specified members in the Administrators group (69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)
remove Policy Virtual machines should be connected to a specified workspace (f47b5582-33ec-4c5c-87c0-b010a6b2e917)
remove Policy Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images (5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138)
2021-01-22 09:14:56 add Policy A vulnerability assessment solution should be enabled on your virtual machines (501541f7-f7e7-4cd6-868c-4190fdad3ac9)
remove Policy [Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution (760a85ff-6162-42b3-8d70-698e268f648c)
2020-09-09 11:24:08 add Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6)
add Policy Audit Windows machines that have the specified members in the Administrators group (69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6)
add Policy Audit Windows machines that do not store passwords using reversible encryption (da0f98fe-a24b-4ad5-af69-bd0400233661)
add Policy Audit Windows machines that allow re-use of the previous 24 passwords (5b054a0d-39e2-4d53-bea3-9734cad2c69b)
add Policy Audit Linux machines that do not have the passwd file permissions set to 0644 (e6955644-301c-44b5-a4c4-528577de6861)
add Policy Audit Windows machines missing any of specified members in the Administrators group (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
add Policy Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs (331e8ea8-378a-410f-a2e5-ae22f38bb0da)
add Policy Audit Linux machines that have accounts without passwords (f6ec09a3-78bf-4f8f-99dc-6c77182d0f99)
add Policy Audit Linux machines that allow remote connections from accounts without passwords (ea53dbee-c6c9-4f0e-9f9e-de0039b78023)
add Policy Audit Windows machines that do not restrict the minimum password length to 14 characters (a2d0e922-65d0-40c4-8f87-ea6da2d307a2)
add Policy Audit Windows machines that do not have a maximum password age of 70 days (4ceb8dc2-559c-478b-a15b-733fbf1e3738)
add Policy Windows web servers should be configured to use secure communication protocols (5752e6d6-1206-46d8-8ab1-ecc2f71a8112)
add Policy Audit Windows machines that do not have a minimum password age of 1 day (237b38db-ca4d-4259-9e47-7882441ca2c0)
add Policy Audit Windows machines that do not have the password complexity setting enabled (bf16e0bb-31e1-4646-8202-60a235cc7e74)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have the password complexity setting enabled (f48b2913-1dc5-4834-8c72-ccc1dfd819bb)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows web servers that are not using secure communication protocols (b2fc8f91-866d-4434-9089-5ebfe38d6fd8)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled (7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters (5aebc8d1-020d-4037-89a0-02043a7524ec)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members (144f1397-32f9-4598-8c88-118decc3ccba)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not store passwords using reversible encryption (2d60d3b7-aa10-454c-88a8-de39d99d17c6)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords (726671ac-c4de-4908-8c7d-6043ae62e3b6)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords (ec49586f-4939-402d-a29e-6ff502b20592)
remove Policy [Deprecated]: Show audit results from Linux VMs that have accounts without passwords (c40c9087-1981-4e73-9f53-39743eda9d05)
remove Policy [Deprecated]: Show audit results from Windows VMs that allow re-use of the previous 24 passwords (cdbf72d9-ac9c-4026-8a3a-491a5ac59293)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days (356a906e-05e5-4625-8729-90771e0ee934)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 (f19aa1c1-6b91-4c27-ae6a-970279f03db9)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain all of the specified members (f3b44e5d-1456-475f-9c67-c66c4618e85a)
remove Policy [Deprecated]: Show audit results from Windows web servers that are not using secure communication protocols (60ffe3e2-4604-4460-8f22-0f1da058266c)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have a minimum password age of 1 day (5aa11bbc-5c76-4302-80e5-aba46a4282e7)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption (8ff0b18b-262e-4512-857a-48ad0aeb9a78)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that have accounts without passwords (3470477a-b35a-49db-aca5-1073d04524fe)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day (16390df4-2f73-4b42-af13-c801066763df)
remove Policy [Deprecated]: Show audit results from Linux VMs that do not have the passwd file permissions set to 0644 (b18175dd-c599-4c64-83ba-bb018a06d35b)
remove Policy [Deprecated]: Show audit results from Linux VMs that allow remote connections from accounts without passwords (2d67222d-05fd-4526-a171-2ee132ad9e83)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members (93507a81-10a4-4af0-9ee2-34cf25a96e98)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have a maximum password age of 70 days (24dde96d-f0b1-425e-884f-4a1421e2dcdc)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters (23020aa6-1135-4be2-bae2-149982b06eca)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members (bde62c94-ccca-4821-a815-92c1d31a76de)
2020-06-16 14:55:25 Description change: 'This initiative includes audit and VM Extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist80053-blueprint.'
Name change: '[Preview]: Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support audit requirements' to 'NIST SP 800-53 R4'
2020-02-20 08:25:18 remove Policy [Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM (201ea587-7c90-41c3-910f-c280ae01cfd6)
2019-11-21 16:22:58 add Policy Microsoft Managed Control 1576 - Acquisitions Process | Design / Implementation Information For Security Controls (5f18c885-ade3-48c5-80b1-8f9216019c18)
add Policy Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures (bf6850fe-abba-468e-9ef4-d09ec7d983cd)
add Policy Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk (31b752c1-05a9-432a-8fce-c39b56550119)
add Policy Microsoft Managed Control 1058 - Permitted Actions Without Identification Or Authentication (76e85d08-8fbb-4112-a1c1-93521e6a9254)
add Policy Microsoft Managed Control 1629 - Boundary Protection | External Telecommunications Services (c171b095-7756-41de-8644-a062a96043f2)
add Policy Microsoft Managed Control 1412 - Remote Maintenance (3492d949-0dbb-4589-88b3-7b59601cc764)
add Policy Microsoft Managed Control 1025 - Account Management | Account Monitoring / Atypical Usage (adfe020d-0a97-45f4-a39c-696ef99f3a95)
add Policy Microsoft Managed Control 1652 - Mobile Code (6998e84a-2d29-4e10-8962-76754d4f772d)
add Policy Microsoft Managed Control 1506 - Personnel Security Policy And Procedures (f7d2ff17-d604-4dd9-b607-9ecf63f28ad2)
add Policy Microsoft Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote Devices (4ce9073a-77fa-48f0-96b1-87aa8e6091c2)
add Policy Microsoft Managed Control 1486 - Alternate Work Site (cb790345-a51f-43de-934e-98dbfaf9dca5)
add Policy Microsoft Managed Control 1707 - Security Alerts & Advisories | Automated Alerts And Advisories (fd4a2ac8-868a-4702-a345-6c896c3361ce)
add Policy Microsoft Managed Control 1347 - Identification And Authentication (Non-Organizational Users) | Acceptance Of Piv Credentials... (131a2706-61e9-4916-a164-00e052056462)
add Policy Microsoft Managed Control 1179 - Baseline Configuration | Reviews And Updates (3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c)
add Policy Microsoft Managed Control 1619 - Information In Shared Resources (c722e569-cb52-45f3-a643-836547d016e1)
add Policy Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site (3b4a3eb2-c25d-40bf-ad41-5094b6f59cee)
add Policy Microsoft Managed Control 1727 - Memory Protection (697175a7-9715-4e89-b98b-c6f605888fa3)
add Policy Microsoft Managed Control 1051 - Session Lock (7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339)
add Policy Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers (1d01ba6c-289f-42fd-a408-494b355b6222)
add Policy Microsoft Managed Control 1027 - Access Enforcement (a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c)
add Policy Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified (43684572-e4f1-4642-af35-6b933bc506da)
add Policy Microsoft Managed Control 1081 - Information Sharing (3867f2a9-23bb-4729-851f-c3ad98580caf)
add Policy Microsoft Managed Control 1573 - Acquisitions Process (58c93053-7b98-4cf0-b99f-1beb985416c2)
add Policy Microsoft Managed Control 1331 - Authenticator Management | Password-Based Authentication (05460fe2-301f-4ed1-8174-d62c8bb92ff4)
add Policy Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers (493a95f3-f2e3-47d0-af02-65e6d6decc2f)
add Policy Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks (0d87c70b-5012-48e9-994b-e70dd4b8def0)
add Policy Microsoft Managed Control 1240 - User-Installed Software (129eb39f-d79a-4503-84cd-92f036b5e429)
add Policy Microsoft Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy / Currency (874e7880-a067-42a7-bcbe-1a340f54c8cc)
add Policy Microsoft Managed Control 1075 - Access Control for Portable And Mobile Systems | Full Device / Container-Based Encryption (fc933d22-04df-48ed-8f87-22a3773d4309)
add Policy Microsoft Managed Control 1215 - Least Functionality (88fc93e8-4745-4785-b5a5-b44bb92c44ff)
add Policy Microsoft Managed Control 1663 - Protection Of Information At Rest (60171210-6dde-40af-a144-bf2670518bfa)
add Policy Microsoft Managed Control 1523 - Personnel Transfer (5577a310-2551-49c8-803b-36e0d5e55601)
add Policy Microsoft Managed Control 1416 - Remote Maintenance | Document Remote Maintenance (38dfd8a3-5290-4099-88b7-4081f4c4d8ae)
add Policy Microsoft Managed Control 1052 - Session Lock (027cae1c-ec3e-4492-9036-4168d540c42a)
add Policy Microsoft Managed Control 1457 - Physical Access Control (f2d9d3e6-8886-4305-865d-639163e5c305)
add Policy Microsoft Managed Control 1547 - Vulnerability Scanning (58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52)
add Policy Microsoft Managed Control 1016 - Account Management | Automated Audit Actions (d8b43277-512e-40c3-ab00-14b3b6e72238)
add Policy Microsoft Managed Control 1157 - Plan Of Action And Milestones (15495367-cf68-464c-bbc3-f53ca5227b7a)
add Policy Microsoft Managed Control 1167 - Continuous Monitoring (cbb2be76-4891-430b-95a7-ca0b0a3d1300)
add Policy Microsoft Managed Control 1125 - Audit Reduction And Report Generation (c6ce745a-670e-47d3-a6c4-3cfe5ef00c10)
add Policy Microsoft Managed Control 1340 - Authenticator Management | No Embedded Unencrypted Static Authenticators (e51ff84b-e5ea-408f-b651-2ecc2933e4c6)
add Policy Microsoft Managed Control 1608 - Supply Chain Protection (b73b7b3b-677c-4a2a-b949-ad4dc4acd89f)
add Policy Microsoft Managed Control 1004 - Account Management (c17822dc-736f-4eb4-a97d-e6be662ff835)
add Policy Microsoft Managed Control 1510 - Position Categorization (79da5b09-0e7e-499e-adda-141b069c7998)
add Policy Microsoft Managed Control 1170 - Penetration Testing (8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12)
add Policy Microsoft Managed Control 1191 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (7f26a61b-a74d-467c-99cf-63644db144f7)
add Policy Microsoft Managed Control 1099 - Security Training Records (01910bab-8639-4bd0-84ef-cc53b24d79ba)
add Policy Microsoft Managed Control 1516 - Personnel Termination (da3cd269-156f-435b-b472-c3af34c032ed)
add Policy Microsoft Managed Control 1529 - Third-Party Personnel Security (d74fdc92-1cb8-4a34-9978-8556425cd14c)
add Policy Microsoft Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators (2c251a55-31eb-4e53-99c6-e9c43c393ac2)
add Policy Microsoft Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (4ebd97f7-b105-4f50-8daf-c51465991240)
add Policy Microsoft Managed Control 1476 - Fire Protection (0f3c4ac2-3e35-4906-a80b-473b12a622d7)
add Policy Microsoft Managed Control 1639 - Boundary Protection | Isolation Of Information System Components (78e8e649-50f6-4fe3-99ac-fedc2e63b03f)
add Policy Microsoft Managed Control 1565 - System Development Life Cycle (45ce2396-5c76-4654-9737-f8792ab3d26b)
add Policy Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software (e80b6812-0bfa-4383-8223-cdd86a46a890)
add Policy Microsoft Managed Control 1021 - Account Management | Restrictions On Use Of Shared / Group Accounts (9a3eb0a3-428d-4669-baff-20a14eb4b551)
add Policy Microsoft Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions (e901375c-8f01-4ac8-9183-d5312f47fe63)
add Policy Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection (a2cdf6b8-9505-4619-b579-309ba72037ac)
add Policy Microsoft Managed Control 1214 - Least Functionality (f714a4e2-b580-47b6-ae8c-f2812d3750f3)
add Policy Microsoft Managed Control 1046 - Unsuccessful Logon Attempts | Purge / Wipe Mobile Device (0b1aa965-7502-41f9-92be-3e2fe7cc392a)
add Policy Microsoft Managed Control 1705 - Security Alerts & Advisories (f82e3639-fa2b-4e06-a786-932d8379b972)
add Policy Microsoft Managed Control 1299 - Identification And Authentication Policy And Procedures (fd4e54f7-9ab0-4bae-b6cc-457809948a89)
add Policy Microsoft Managed Control 1582 - Information System Documentation (cd9e2f38-259b-462c-bfad-0ad7ab4e65c5)
add Policy Microsoft Managed Control 1238 - User-Installed Software (a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1)
add Policy Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information (39c54140-5902-4079-8bb5-ad31936fe764)
add Policy Microsoft Managed Control 1586 - External Information System Services (6e3b2fbd-8f37-4766-a64d-3f37703dcb51)
add Policy Microsoft Managed Control 1313 - Identifier Management (36220f5b-79a1-4cdb-8c74-2d2449f9a510)
add Policy Microsoft Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration (463e5220-3f79-4e24-a63f-343e4096cd22)
add Policy Microsoft Managed Control 1345 - Cryptographic Module Authentication (f86aa129-7c07-4aa4-bbf5-792d93ffd9ea)
add Policy Microsoft Managed Control 1688 - Information System Monitoring (063c3f09-e0f0-4587-8fd5-f4276fae675f)
add Policy Microsoft Managed Control 1152 - System Interconnections (beff0acf-7e67-40b2-b1ca-1a0e8205cf1b)
add Policy Microsoft Managed Control 1166 - Continuous Monitoring (bb02733d-3cc5-4bb0-a6cd-695ba2c2272e)
add Policy Microsoft Managed Control 1236 - Software Usage Restrictions (9ba3ed84-c768-4e18-b87c-34ef1aff1b57)
add Policy Microsoft Managed Control 1708 - Security Functionality Verification (7a1e2c88-13de-4959-8ee7-47e3d74f1f48)
add Policy Microsoft Managed Control 1246 - Contingency Plan (398eb61e-8111-40d5-a0c9-003df28f1753)
add Policy Microsoft Managed Control 1609 - Development Process, Standards, And Tools (9e93fa71-42ac-41a7-b177-efbfdc53c69f)
add Policy Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures (f35e02aa-0a55-49f8-8811-8abfa7e6f2c0)
add Policy Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions (0afce0b3-dd9f-42bb-af28-1e4284ba8311)
add Policy Microsoft Managed Control 1452 - Physical Access Control (82c76455-4d3f-4e09-a654-22e592107e74)
add Policy Microsoft Managed Control 1618 - Security Function Isolation (f52f89aa-4489-4ec4-950e-8c96a036baa9)
add Policy Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans (5e2b3730-8c14-4081-8893-19dbb5de7348)
add Policy Microsoft Managed Control 1481 - Temperature And Humidity Controls (717a1c78-a267-4f56-ac58-ee6c54dc4339)
add Policy Microsoft Managed Control 1104 - Audit Events (cdd8d244-18b2-4306-a1d1-df175ae0935f)
add Policy Microsoft Managed Control 1721 - Spam Protection | Central Management (d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a)
add Policy Microsoft Managed Control 1102 - Audit Events (9943c16a-c54c-4b4a-ad28-bfd938cdbf57)
add Policy Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management (6d8d492c-dd7a-46f7-a723-fa66a425b87c)
add Policy Microsoft Managed Control 1630 - Boundary Protection | External Telecommunications Services (3643717a-3897-4bfd-8530-c7c96b26b2a0)
add Policy Microsoft Managed Control 1601 - Developer Security Testing And Evaluation (0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e)
add Policy Microsoft Managed Control 1521 - Personnel Termination | Automated Notification (3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5)
add Policy Microsoft Managed Control 1321 - Authenticator Management (eb627cc6-3a9d-46b5-96b7-5fca49178a37)
add Policy Microsoft Managed Control 1218 - Least Functionality | Prevent Program Execution (4a1d0394-b9f5-493e-9e83-563fd0ac4df8)
add Policy Microsoft Managed Control 1312 - Identifier Management (4d6a5968-9eef-4c18-8534-376790ab7274)
add Policy Microsoft Managed Control 1304 - User Identification And Authentication | Local Access To Non-Privileged Accounts (6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b)
add Policy Microsoft Managed Control 1231 - Configuration Management Plan (244e0c05-cc45-4fe7-bf36-42dcf01f457d)
add Policy Microsoft Managed Control 1309 - User Identification And Authentication | Acceptance Of Piv Credentials (f355d62b-39a8-4ba3-abf7-90f71cb3b000)
add Policy Microsoft Managed Control 1512 - Personnel Screening (5a8324ad-f599-429b-aaed-f9c6e8c987a8)
add Policy Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution (b3d8d15b-627a-4219-8c96-4d16f788888b)
add Policy Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations (86dc819f-15e1-43f9-a271-41ae58d4cecc)
add Policy Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures (cf3b3293-667a-445e-a722-fa0b0afc0958)
add Policy Microsoft Managed Control 1163 - Continuous Monitoring (961663a1-8a91-4e59-b6f5-1eee57c0f49c)
add Policy Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts (a450eba6-2efc-4a00-846a-5804a93c6b77)
add Policy Microsoft Managed Control 1080 - Use Of External Information Systems | Portable Storage Devices (852981b4-a380-4704-aa1e-2e52d63445e5)
add Policy Microsoft Managed Control 1369 - Incident Monitoring (18cc35ed-a429-486d-8d59-cb47e87304ed)
add Policy Microsoft Managed Control 1305 - User Identification And Authentication | Group Authentication (9d9166a8-1722-4b8f-847c-2cf3f2618b3d)
add Policy Microsoft Managed Control 1459 - Access Control For Transmission Medium (75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0)
add Policy Microsoft Managed Control 1434 - Media Transport (2c18f06b-a68d-41c3-8863-b8cd3acb5f8f)
add Policy Microsoft Managed Control 1019 - Account Management | Role-Based Schemes (6a3ee9b2-3977-459c-b8ce-2db583abd9f7)
add Policy Microsoft Managed Control 1156 - Plan Of Action And Milestones (4d52e864-9a3b-41ee-8f03-520815fe5378)
add Policy Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers (a9172e76-7f56-46e9-93bf-75d69bdb5491)
add Policy Microsoft Managed Control 1049 - System Use Notification (9adf7ba7-900a-4f35-8d57-9f34aafc405c)
add Policy Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations (465f32da-0ace-4603-8d1b-7be5a3a702de)
add Policy Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting (c40f31a7-81e1-4130-99e5-a02ceea2a1d6)
add Policy Microsoft Managed Control 1091 - Security Awareness (b23bd715-5d1c-4e5c-9759-9cbdf79ded9d)
add Policy Microsoft Managed Control 1067 - Wireless Access Restrictions (5c5e54f6-0127-44d0-8b61-f31dc8dd6190)
add Policy Microsoft Managed Control 1509 - Position Categorization (70792197-9bfc-4813-905a-bd33993e327f)
add Policy Microsoft Managed Control 1077 - Use Of External Information Systems (2dad3668-797a-412e-a798-07d3849a7a79)
add Policy Microsoft Managed Control 1078 - Use Of External Information Systems | Limits On Authorized Use (b25faf85-8a16-4f28-8e15-d05c0072d64d)
add Policy Microsoft Managed Control 1431 - Media Storage (a7173c52-2b99-4696-a576-63dd5f970ef4)
add Policy Microsoft Managed Control 1198 - Configuration Change Control | Security Representative (f56be5c3-660b-4c61-9078-f67cf072c356)
add Policy Microsoft Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal (c5f56ac6-4bb2-4086-bc41-ad76344ba2c2)
add Policy Microsoft Managed Control 1430 - Media Labeling (0f559588-5e53-4b14-a7c4-85d28ebc2234)
add Policy Microsoft Managed Control 1515 - Personnel Termination (02dd141a-a2b2-49a7-bcbd-ca31142f6211)
add Policy Microsoft Managed Control 1308 - User Identification And Authentication | Remote Access - Separate Device (81817e1c-5347-48dd-965a-40159d008229)
add Policy Microsoft Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions (93e9e233-dd0a-4bde-aea5-1371bce0e002)
add Policy Microsoft Managed Control 1562 - Allocation Of Resources (d4142013-7964-4163-a313-a900301c2cef)
add Policy Microsoft Managed Control 1387 - Information Spillage Response (e3007185-3857-43a9-8237-06ca94f1084c)
add Policy Microsoft Managed Control 1505 - Information Security Architecture (813a10a7-3943-4fe3-8678-00dc52db5490)
add Policy Microsoft Managed Control 1532 - Third-Party Personnel Security (a2c66299-9017-4d95-8040-8bdbf7901d52)
add Policy Microsoft Managed Control 1398 - Controlled Maintenance (443e8f3d-b51a-45d8-95a7-18b0e42f4dc4)
add Policy Microsoft Managed Control 1185 - Configuration Change Control (6420cd73-b939-43b7-9d99-e8688fea053c)
add Policy Microsoft Managed Control 1194 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (bc34667f-397e-4a65-9b72-d0358f0b6b09)
add Policy Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services (67de62b4-a737-4781-8861-3baed3c35069)
add Policy Microsoft Managed Control 1563 - Allocation Of Resources (9afe2edf-232c-4fdf-8e6a-e867a5c525fd)
add Policy Microsoft Managed Control 1288 - Information System Backup (8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f)
add Policy Microsoft Managed Control 1668 - Flaw Remediation (8fb0966e-be1d-42c3-baca-60df5c0bcc61)
add Policy Microsoft Managed Control 1061 - Remote Access | Automated Monitoring / Control (7ac22808-a2e8-41c4-9d46-429b50738914)
add Policy Microsoft Managed Control 1540 - Security Categorization (f771f8cb-6642-45cc-9a15-8a41cd5c6977)
add Policy Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays (ac43352f-df83-4694-8738-cfce549fd08d)
add Policy Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting (22589a07-0007-486a-86ca-95355081ae2a)
add Policy Microsoft Managed Control 1545 - Risk Assessment (3f4b171a-a56b-4328-8112-32cf7f947ee1)
add Policy Microsoft Managed Control 1217 - Least Functionality | Periodic Review (edea4f20-b02c-4115-be75-86c080e5c0ed)
add Policy Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site (19b9439d-865d-4474-b17d-97d2702fdb66)
add Policy Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site (a18adb5b-1db6-4a5b-901a-7d3797d12972)
add Policy Microsoft Managed Control 1535 - Personnel Sanctions (f9a165d2-967d-4733-8399-1074270dae2e)
add Policy Microsoft Managed Control 1135 - Non-Repudiation (9c308b6b-2429-4b97-86cf-081b8e737b04)
add Policy Microsoft Managed Control 1388 - Information Spillage Response (2c7c575a-d4c5-4f6f-bd49-dee97a8cba55)
add Policy Microsoft Managed Control 1197 - Configuration Change Control | Test / Validate / Document Changes (a20d2eaa-88e2-4907-96a2-8f3a05797e5c)
add Policy Microsoft Managed Control 1513 - Personnel Screening | Information With Special Protection Measures (c416970d-b12b-49eb-8af4-fb144cd7c290)
add Policy Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance (8d096fe0-f510-4486-8b4d-d17dc230980b)
add Policy Microsoft Managed Control 1460 - Access Control For Output Devices (6f3ce1bb-4f77-4695-8355-70b08d54fdda)
add Policy Microsoft Managed Control 1625 - Boundary Protection | Access Points (b9b66a4d-70a1-4b47-8fa1-289cec68c605)
add Policy Microsoft Managed Control 1427 - Media Protection Policy And Procedures (bc90e44f-d83f-4bdf-900f-3d5eb4111b31)
add Policy Microsoft Managed Control 1580 - Information System Documentation (854db8ac-6adf-42a0-bef3-b73f764f40b9)
add Policy Microsoft Managed Control 1040 - Least Privilege | Review Of User Privileges (54205576-cec9-463f-ba44-b4b3f5d0a84c)
add Policy Microsoft Managed Control 1303 - User Identification And Authentication | Local Access To Privileged Accounts (80ca0a27-918a-4604-af9e-723a27ee51e8)
add Policy Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection (13fcf812-ec82-4eda-9b89-498de9efd620)
add Policy Microsoft Managed Control 1258 - Contingency Training (7814506c-382c-4d33-a142-249dd4a0dbff)
add Policy Microsoft Managed Control 1325 - Authenticator Management (1845796a-7581-49b2-ae20-443121538e19)
add Policy Microsoft Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions (243ec95e-800c-49d4-ba52-1fdd9f6b8b57)
add Policy Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage (9e5225fe-cdfb-4fce-9aec-0fe20dd53b62)
add Policy Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures (7327b708-f0e0-457d-9d2a-527fcc9c9a65)
add Policy Microsoft Managed Control 1604 - Developer Security Testing And Evaluation (44dbba23-0b61-478e-89c7-b3084667782f)
add Policy Microsoft Managed Control 1234 - Software Usage Restrictions (b293f881-361c-47ed-b997-bc4e2296bc0b)
add Policy Microsoft Managed Control 1579 - Acquisitions Process | Use Of Approved Piv Products (4e54c7ef-7457-430b-9a3e-ef8881d4a8e0)
add Policy Microsoft Managed Control 1482 - Temperature And Humidity Controls | Monitoring With Alarms / Notifications (9df4277e-8c88-4d5c-9b1a-541d53d15d7b)
add Policy Microsoft Managed Control 1161 - Continuous Monitoring (e2f8f6c6-dde4-436b-a79d-bc50e129eb3a)
add Policy Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection (d39d4f68-7346-4133-8841-15318a714a24)
add Policy Microsoft Managed Control 1642 - Network Disconnect (53397227-5ee3-4b23-9e5e-c8a767ce6928)
add Policy Microsoft Managed Control 1595 - Developer Configuration Management (1e0414e7-6ef5-4182-8076-aa82fbb53341)
add Policy Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components (05938e10-cdbd-4a54-9b2b-1cbcfc141ad0)
add Policy Microsoft Managed Control 1195 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (d1e1d65c-1013-4484-bd54-991332e6a0d2)
add Policy Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication (068260be-a5e6-4b0a-a430-cd27071c226a)
add Policy Microsoft Managed Control 1222 - Information System Component Inventory (fb39e62f-6bda-4558-8088-ec03d5670914)
add Policy Microsoft Managed Control 1655 - Voice Over Internet Protocol (121eab72-390e-4629-a7e2-6d6184f57c6b)
add Policy Microsoft Managed Control 1348 - Identification And Authentication (Non-Organizational Users) | Acceptance Of Third-Party... (855ced56-417b-4d74-9d5f-dd1bc81e22d6)
add Policy Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility (e214e563-1206-4a43-a56b-ac5880c9c571)
add Policy Microsoft Managed Control 1259 - Contingency Training (9d9e18f7-bad9-4d30-8806-a0c9d5e26208)
add Policy Microsoft Managed Control 1090 - Security Awareness (2fb740e5-cbc7-4d10-8686-d1bf826652b1)
add Policy Microsoft Managed Control 1380 - Incident Response Plan (b4319b7e-ea8d-42ff-8a67-ccd462972827)
add Policy Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals (28cfa30b-7f72-47ce-ba3b-eed26c8d2c82)
add Policy Microsoft Managed Control 1072 - Wireless Access Restrictions | Antennas / Transmission Power Levels (1ca29e41-34ec-4e70-aba9-6248aca18c31)
add Policy Microsoft Managed Control 1649 - Collaborative Computing Devices (26d292cc-b0b8-4c29-9337-68abc758bf7b)
add Policy Microsoft Managed Control 1449 - Physical Access Authorizations (f784d3b0-5f2b-49b7-b9f3-00ba8653ced5)
add Policy Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection (90b60a09-133d-45bc-86ef-b206a6134bbe)
add Policy Microsoft Managed Control 1262 - Contingency Plan Testing (831e510e-db41-4c72-888e-a0621ab62265)
add Policy Microsoft Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration (7fbfe680-6dbb-4037-963c-a621c5635902)
add Policy Microsoft Managed Control 1353 - Incident Response Training (c785ad59-f78f-44ad-9a7f-d1202318c748)
add Policy Microsoft Managed Control 1479 - Fire Protection | Automatic Fire Suppression (e327b072-281d-4f75-9c28-4216e5d72f26)
add Policy Microsoft Managed Control 1085 - Publicly Accessible Content (13d117e0-38b0-4bbb-aaab-563be5dd10ba)
add Policy Microsoft Managed Control 1501 - Rules Of Behavior (88817b58-8472-4f6c-81fa-58ce42b67f51)
add Policy Microsoft Managed Control 1005 - Account Management (5b626abc-26d4-4e22-9de8-3831818526b1)
add Policy Microsoft Managed Control 1089 - Security Awareness (ef080e67-0d1a-4f76-a0c5-fb9b0358485e)
add Policy Microsoft Managed Control 1110 - Audit Storage Capacity (6182bfa7-0f2a-43f5-834a-a2ddf31c13c7)
add Policy Microsoft Managed Control 1419 - Remote Maintenance | Cryptographic Protection (b6747bf9-2b97-45b8-b162-3c8becb9937d)
add Policy Microsoft Managed Control 1703 - Security Alerts & Advisories (804faf7d-b687-40f7-9f74-79e28adf4205)
add Policy Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site (49dbe627-2c1e-438c-979e-dd7a39bbf81d)
add Policy Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures (6e40d9de-2ad4-4cb5-8945-23143326a502)
add Policy Microsoft Managed Control 1138 - Audit Generation (9c284fc0-268a-4f29-af44-3c126674edb4)
add Policy Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts (4c090801-59bc-4454-bb33-e0455133486a)
add Policy Microsoft Managed Control 1439 - Media Sanitization And Disposal (dce72873-c5f1-47c3-9b4f-6b8207fd5a45)
add Policy Microsoft Managed Control 1483 - Water Damage Protection (5cb81060-3c8a-4968-bcdc-395a1801f6c1)
add Policy Microsoft Managed Control 1168 - Continuous Monitoring | Independent Assessment (82409f9e-1f32-4775-bf07-b99d53a91b06)
add Policy Microsoft Managed Control 1426 - Media Protection Policy And Procedures (21f639bc-f42b-46b1-8f40-7a2a389c291a)
add Policy Microsoft Managed Control 1612 - Developer Security Architecture And Design (a2037b3d-8b04-4171-8610-e6d4f1d08db5)
add Policy Microsoft Managed Control 1696 - Information System Monitoring | Correlate Monitoring Information (69d2a238-20ab-4206-a6dc-f302bf88b1b8)
add Policy Microsoft Managed Control 1023 - Account Management | Usage Conditions (e55698b6-3dea-4aa9-99b9-d8218c6ab6e5)
add Policy Microsoft Managed Control 1472 - Emergency Shutoff (ef869332-921d-4c28-9402-3be73e6e50c8)
add Policy Microsoft Managed Control 1596 - Developer Configuration Management (21e25e01-0ae0-41be-919e-04ce92b8e8b8)
add Policy Microsoft Managed Control 1210 - Configuration Settings (3502c968-c490-4570-8167-1476f955e9b8)
add Policy Microsoft Managed Control 1273 - Alternate Processing Site (e77fcbf2-a1e8-44f1-860e-ed6583761e65)
add Policy Microsoft Managed Control 1700 - Information System Monitoring | Unauthorized Network Services (7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5)
add Policy Microsoft Managed Control 1295 - Information System Recovery And Reconstitution (a895fbdb-204d-4302-9689-0a59dc42b3d9)
add Policy Microsoft Managed Control 1074 - Access Control for Portable And Mobile Systems (27a69937-af92-4198-9b86-08d355c7e59a)
add Policy Microsoft Managed Control 1724 - Error Handling (d07594d1-0307-4c08-94db-5d71ff31f0f6)
add Policy Microsoft Managed Control 1173 - Internal System Connections (c4aff9e7-2e60-46fa-86be-506b79033fc5)
add Policy Microsoft Managed Control 1105 - Audit Events (5b73f57b-587d-4470-a344-0b0ae805f459)
add Policy Microsoft Managed Control 1006 - Account Management (aae8d54c-4bce-4c04-b3aa-5b65b67caac8)
add Policy Microsoft Managed Control 1567 - System Development Life Cycle (e72edbf6-aa61-436d-a227-0f32b77194b3)
add Policy Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing (f9012d14-e3e6-4d7b-b926-9f37b5537066)
add Policy Microsoft Managed Control 1433 - Media Transport (5b879b41-2728-41c5-ad24-9ee2c37cbe65)
add Policy Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel (731856d8-1598-4b75-92de-7d46235747c0)
add Policy Microsoft Managed Control 1032 - Separation Of Duties (5aa85661-d618-46b8-a20f-ca40a86f0751)
add Policy Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates (63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc)
add Policy Microsoft Managed Control 1018 - Account Management | Role-Based Schemes (c9121abf-e698-4ee9-b1cf-71ee528ff07f)
add Policy Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information (87f7cd82-2e45-4d0f-9e2f-586b0962d142)
add Policy Microsoft Managed Control 1358 - Incident Response Testing (effbaeef-5bf4-400d-895e-ef8cbc0e64c7)
add Policy Microsoft Managed Control 1678 - Malicious Code Protection (dd533cb0-b416-4be7-8e86-4d154824dfd7)
add Policy Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration (292a7c44-37fa-4c68-af7c-9d836955ded2)
add Policy Microsoft Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From Executing Privileged Functions (361a77f6-0f9c-4748-8eec-bc13aaaa2455)
add Policy Microsoft Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source) (90f01329-a100-43c2-af31-098996135d2b)
add Policy Microsoft Managed Control 1429 - Media Labeling (b07c9b24-729e-4e85-95fc-f224d2d08a80)
add Policy Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access (eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb)
add Policy Microsoft Managed Control 1257 - Contingency Training (b958b241-4245-4bd6-bd2d-b8f0779fb543)
add Policy Microsoft Managed Control 1151 - System Interconnections (347e3b69-7fb7-47df-a8ef-71a1a7b44bca)
add Policy Microsoft Managed Control 1683 - Information System Monitoring (8c79fee4-88dd-44ce-bbd4-4de88948c4f8)
add Policy Microsoft Managed Control 1274 - Alternate Processing Site (2aee175f-cd16-4825-939a-a85349d96210)
add Policy Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures (45692294-f074-42bd-ac54-16f1a3c07554)
add Policy Microsoft Managed Control 1611 - Developer-Provided Training (fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f)
add Policy Microsoft Managed Control 1131 - Protection Of Audit Information (b472a17e-c2bc-493f-b50b-42d55a346962)
add Policy Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication (f5c66fdc-3d02-4034-9db5-ba57802609de)
add Policy Microsoft Managed Control 1148 - Security Assessments | Independent Assessors (28e62650-c7c2-4786-bdfa-17edc1673902)
add Policy Microsoft Managed Control 1488 - Alternate Work Site (d8ef30eb-a44f-47af-8524-ac19a36d41d2)
add Policy Microsoft Managed Control 1574 - Acquisitions Process (0f935dab-83d6-47b8-85ef-68b8584161b9)
add Policy Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting (2a39ac75-622b-4c88-9a3f-45b7373f7ef7)
add Policy Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets (232ab24b-810b-4640-9019-74a7d0d6a980)
add Policy Microsoft Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access To Information Systems (e6e41554-86b5-4537-9f7f-4fc41a1d1640)
add Policy Microsoft Managed Control 1111 - Response To Audit Processing Failures (21de687c-f15e-4e51-bf8d-f35c8619965b)
add Policy Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination (6c59a207-6aed-41dc-83a2-e1ff66e4a4db)
add Policy Microsoft Managed Control 1511 - Personnel Screening (a9eae324-d327-4539-9293-b48e122465f8)
add Policy Microsoft Managed Control 1546 - Vulnerability Scanning (2ce1ea7e-4038-4e53-82f4-63e8859333c1)
add Policy Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures (b19454ca-0d70-42c0-acf5-ea1c1e5726d1)
add Policy Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility (da3bfb53-9c46-4010-b3db-a7ba1296dada)
add Policy Microsoft Managed Control 1647 - Use of Cryptography (791cfc15-6974-42a0-9f4c-2d4b82f4a78c)
add Policy Microsoft Managed Control 1124 - Audit Reduction And Report Generation (c10152dd-78f8-4335-ae2d-ad92cc028da4)
add Policy Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication (3298d6bf-4bc6-4278-a95d-f7ef3ac6e594)
add Policy Microsoft Managed Control 1139 - Audit Generation (4ed62522-de00-4dda-9810-5205733d2f34)
add Policy Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services (fd73310d-76fc-422d-bda4-3a077149f179)
add Policy Microsoft Managed Control 1071 - Wireless Access Restrictions | Restrict Configurations By Users (1a437f5b-9ad6-4f28-8861-de404d511ae4)
add Policy Microsoft Managed Control 1593 - External Information System Services | Processing, Storage, And Service Location (2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa)
add Policy Microsoft Managed Control 1714 - Software & Information Integrity | Automated Notifications Of Integrity Violations (e12494fa-b81e-4080-af71-7dbacc2da0ec)
add Policy Microsoft Managed Control 1172 - Internal System Connections (b43e946e-a4c8-4b92-8201-4a39331db43c)
add Policy Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions (9a16d673-8cf0-4dcf-b1d5-9b3e114fef71)
add Policy Microsoft Managed Control 1318 - Authenticator Management (fced5fda-3bdb-4d73-bfea-0e2c80428b66)
add Policy Microsoft Managed Control 1568 - Acquisitions Process (b6a8eae8-9854-495a-ac82-d2cd3eac02a6)
add Policy Microsoft Managed Control 1024 - Account Management | Account Monitoring / Atypical Usage (84914fb4-12da-4c53-a341-a9fd463bed10)
add Policy Microsoft Managed Control 1588 - External Information System Services (68ebae26-e0e0-4ecb-8379-aabf633b51e9)
add Policy Microsoft Managed Control 1339 - Authenticator Management | Protection Of Authenticators (367ae386-db7f-4167-b672-984ff86277c0)
add Policy Microsoft Managed Control 1589 - External Information System Services | Risk Assessments / Organizational Approvals (86ec7f9b-9478-40ff-8cfd-6a0d510081a8)
add Policy Microsoft Managed Control 1539 - Security Categorization (aabb155f-e7a5-4896-a767-e918bfae2ee0)
add Policy Microsoft Managed Control 1600 - Developer Security Testing And Evaluation (c53f3123-d233-44a7-930b-f40d3bfeb7d6)
add Policy Microsoft Managed Control 1208 - Configuration Settings (5ea87673-d06b-456f-a324-8abcee5c159f)
add Policy Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information (10984b4e-c93e-48d7-bf20-9c03b04e9eca)
add Policy Microsoft Managed Control 1136 - Audit Record Retention (97ed5bac-a92f-4f6d-a8ed-dc094723597c)
add Policy Microsoft Managed Control 1160 - Security Authorization (3e797ca6-2aa8-4333-b335-7036f1110c05)
add Policy Microsoft Managed Control 1028 - Information Flow Enforcement (f171df5c-921b-41e9-b12b-50801c315475)
add Policy Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters (53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69)
add Policy Microsoft Managed Control 1504 - Information Security Architecture (9e7c35d0-12d4-4e0c-80a2-8a352537aefd)
add Policy Microsoft Managed Control 1418 - Remote Maintenance | Comparable Security / Sanitization (28e633fd-284e-4ea7-88b4-02ca157ed713)
add Policy Microsoft Managed Control 1300 - User Identification And Authentication (99deec7d-5526-472e-b07c-3645a792026a)
add Policy Microsoft Managed Control 1623 - Boundary Protection (02ce1b22-412a-4528-8630-c42146f917ed)
add Policy Microsoft Managed Control 1680 - Malicious Code Protection | Central Management (399cd6ee-0e18-41db-9dea-cde3bd712f38)
add Policy Microsoft Managed Control 1711 - Security Functionality Verification (b083a535-a66a-41ec-ba7f-f9498bf67cde)
add Policy Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification (56d970ee-4efc-49c8-8a4e-5916940d784c)
add Policy Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal (ff9fbd83-1d8d-4b41-aac2-94cb44b33976)
add Policy Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response (e54c325e-42a0-4dcf-b105-046e0f6f590f)
add Policy Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands (fa4c2a3d-1294-41a3-9ada-0e540471e9fb)
add Policy Microsoft Managed Control 1200 - Security Impact Analysis (e98fe9d7-2ed3-44f8-93b7-24dca69783ff)
add Policy Microsoft Managed Control 1188 - Configuration Change Control (bb20548a-c926-4e4d-855c-bcddc6faf95e)
add Policy Microsoft Managed Control 1665 - Process Isolation (5df3a55c-8456-44d4-941e-175f79332512)
add Policy Microsoft Managed Control 1302 - User Identification And Authentication | Network Access To Non-Privileged Accounts (09828c65-e323-422b-9774-9d5c646124da)
add Policy Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access (5afa8cab-1ed7-4e40-884c-64e0ac2059cc)
add Policy Microsoft Managed Control 1491 - Security Planning Policy And Procedures (1571dd40-dafc-4ef4-8f55-16eba27efc7b)
add Policy Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity (562afd61-56be-4313-8fe4-b9564aa4ba7d)
add Policy Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information (65592b16-4367-42c5-a26e-d371be450e17)
add Policy Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service (35a4102f-a778-4a2e-98c2-971056288df8)
add Policy Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel (c3b65b63-09ec-4cb5-8028-7dd324d10eb0)
add Policy Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure (34042a97-ec6d-4263-93d2-8c1c46823b2a)
add Policy Microsoft Managed Control 1406 - Maintenance Tools | Inspect Media (a0f5339c-9292-43aa-a0bc-d27c6b8e30aa)
add Policy Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations (eca4d7b2-65e2-4e04-95d4-c68606b063c3)
add Policy Microsoft Managed Control 1344 - Authenticator Feedback (2c895fe7-2d8e-43a2-838c-3a533a5b355e)
add Policy Microsoft Managed Control 1671 - Flaw Remediation (5c5bbef7-a316-415b-9b38-29753ce8e698)
add Policy Microsoft Managed Control 1235 - Software Usage Restrictions (c49c610b-ece4-44b3-988c-2172b70d6e46)
add Policy Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information (f9ad559e-c12d-415e-9a78-e50fdd7da7ba)
add Policy Microsoft Managed Control 1349 - Identification And Authentication (Non-Organizational Users) | Use Of Ficam-Approved Products (17641f70-94cd-4a5d-a613-3d1143e20e34)
add Policy Microsoft Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access (cf55fc87-48e1-4676-a2f8-d9a8cf993283)
add Policy Microsoft Managed Control 1149 - Security Assessments | Specialized Assessments (2e1b855b-a013-481a-aeeb-2bcb129fd35d)
add Policy Microsoft Managed Control 1669 - Flaw Remediation (48f2f62b-5743-4415-a143-288adc0e078d)
add Policy Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays (7582b19c-9dba-438e-aed8-ede59ac35ba3)
add Policy Microsoft Managed Control 1268 - Alternate Storage Site (23f6e984-3053-4dfc-ab48-543b764781f5)
add Policy Microsoft Managed Control 1577 - Acquisitions Process | Continuous Monitoring Plan (d922484a-8cfc-4a6b-95a4-77d6a685407f)
add Policy Microsoft Managed Control 1204 - Access Restrictions For Change | Review System Changes (0f4f6750-d1ab-4a4c-8dfd-af3237682665)
add Policy Microsoft Managed Control 1073 - Access Control for Portable And Mobile Systems (ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c)
add Policy Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content (7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec)
add Policy Microsoft Managed Control 1691 - Information System Monitoring | Automated Tools For Real-Time Analysis (71475fb4-49bd-450b-a1a5-f63894c24725)
add Policy Microsoft Managed Control 1178 - Baseline Configuration | Reviews And Updates (7818b8f4-47c6-441a-90ae-12ce04e99893)
add Policy Microsoft Managed Control 1401 - Controlled Maintenance (b78ee928-e3c1-4569-ad97-9f8c4b629847)
add Policy Microsoft Managed Control 1484 - Water Damage Protection | Automation Support (486b006a-3653-45e8-b41c-a052d3e05456)
add Policy Microsoft Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration / Scanning And Monitoring Capabilities (c69b870e-857b-458b-af02-bb234f7a00d3)
add Policy Microsoft Managed Control 1034 - Least Privilege (02a5ed00-6d2e-4e97-9a98-46c32c057329)
add Policy Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery (e57b98a0-a011-4956-a79d-5d17ed8b8e48)
add Policy Microsoft Managed Control 1233 - Configuration Management Plan (9d79001f-95fe-45d0-8736-f217e78c1f57)
add Policy Microsoft Managed Control 1031 - Separation Of Duties (6b93a801-fe25-4574-a60d-cb22acffae00)
add Policy Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components (03752212-103c-4ab8-a306-7e813022ca9d)
add Policy Microsoft Managed Control 1658 - Secure Name / Address Resolution Service (Recursive Or Caching Resolver) (063b540e-4bdc-4e7a-a569-3a42ddf22098)
add Policy Microsoft Managed Control 1020 - Account Management | Role-Based Schemes (0b291ee8-3140-4cad-beb7-568c077c78ce)
add Policy Microsoft Managed Control 1116 - Audit Review, Analysis, And Reporting (5e47bc51-35d1-44b8-92af-e2f2d8b67635)
add Policy Microsoft Managed Control 1610 - Development Process, Standards, And Tools (b9f3fb54-4222-46a1-a308-4874061f8491)
add Policy Microsoft Managed Control 1444 - Media Use | Prohibit Use Without Owner (666143df-f5e0-45bd-b554-135f0f93e44e)
add Policy Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan (942b3e97-6ae3-410e-a794-c9c999b97c0b)
add Policy Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations (dd469ae0-71a8-4adc-aafc-de6949ca3339)
add Policy Microsoft Managed Control 1651 - Mobile Code (6db63528-c9ba-491c-8a80-83e1e6977a50)
add Policy Microsoft Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities (57149289-d52b-4f40-9fe6-5233c1ef80f7)
add Policy Microsoft Managed Control 1624 - Boundary Protection (37d079e3-d6aa-4263-a069-dd7ac6dd9684)
add Policy Microsoft Managed Control 1667 - System And Information Integrity Policy And Procedures (d61880dc-6e38-4f2a-a30c-3406a98f8220)
add Policy Microsoft Managed Control 1012 - Account Management (efd7b9ae-1db6-4eb6-b0fe-87e6565f9738)
add Policy Microsoft Managed Control 1598 - Developer Configuration Management (ae7e1f5e-2d63-4b38-91ef-bce14151cce3)
add Policy Microsoft Managed Control 1530 - Third-Party Personnel Security (6e8f9566-29f1-49cd-b61f-f8628a3cf993)
add Policy Microsoft Managed Control 1660 - Session Authenticity (63096613-ce83-43e5-96f4-e588e8813554)
add Policy Microsoft Managed Control 1463 - Monitoring Physical Access (59721f87-ae25-4db0-a2a4-77cc5b25d495)
add Policy Microsoft Managed Control 1626 - Boundary Protection | External Telecommunications Services (e8f6bddd-6d67-439a-88d4-c5fe39a79341)
add Policy Microsoft Managed Control 1311 - Identifier Management (e7568697-0c9e-4ea3-9cec-9e567d14f3c6)
add Policy Microsoft Managed Control 1560 - System And Services Acquisition Policy And Procedures (e29e0915-5c2f-4d09-8806-048b749ad763)
add Policy Microsoft Managed Control 1189 - Configuration Change Control (ee45e02a-4140-416c-82c4-fecfea660b9d)
add Policy Microsoft Managed Control 1060 - Remote Access (34a987fd-2003-45de-a120-014956581f2b)
add Policy Microsoft Managed Control 1317 - Authenticator Management (8877f519-c166-47b7-81b7-8a8eb4ff3775)
add Policy Microsoft Managed Control 1699 - Information System Monitoring | Privileged Users (69c7bee8-bc19-4129-a51e-65a7b39d3e7c)
add Policy Microsoft Managed Control 1076 - Use Of External Information Systems (98a4bd5f-6436-46d4-ad00-930b5b1dfed4)
add Policy Microsoft Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic Code Analysis (976a74cf-b192-4d35-8cab-2068f272addb)
add Policy Microsoft Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions (319dc4f0-0fed-4ac9-8fc3-7aeddee82c07)
add Policy Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas (4f34f554-da4b-4786-8d66-7915c90893da)
add Policy Microsoft Managed Control 1346 - Identification And Authentication (Non-Organizational Users) (464dc8ce-2200-4720-87a5-dc5952924cc6)
add Policy Microsoft Managed Control 1621 - Resource Availability (3cb9f731-744a-4691-a481-ca77b0411538)
add Policy Microsoft Managed Control 1048 - System Use Notification (483e7ca9-82b3-45a2-be97-b93163a0deb7)
add Policy Microsoft Managed Control 1421 - Maintenance Personnel (e539caaa-da8c-41b8-9e1e-449851e2f7a6)
add Policy Microsoft Managed Control 1458 - Physical Access Control | Information System Access (8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203)
add Policy Microsoft Managed Control 1543 - Risk Assessment (fd00b778-b5b5-49c0-a994-734ea7bd3624)
add Policy Microsoft Managed Control 1526 - Access Agreements (953e6261-a05a-44fd-8246-000e1a3edbb9)
add Policy Microsoft Managed Control 1413 - Remote Maintenance (aeedddb6-6bc0-42d5-809b-80048033419d)
add Policy Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated Proxy Servers (07557aa0-e02f-4460-9a81-8ecd2fed601a)
add Policy Microsoft Managed Control 1385 - Information Spillage Response (3e495e65-8663-49ca-9b38-9f45e800bc58)
add Policy Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities (435b2547-6374-4f87-b42d-6e8dbe6ae62a)
add Policy Microsoft Managed Control 1063 - Remote Access | Managed Access Control Points (593ce201-54b2-4dd0-b34f-c308005d7780)
add Policy Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions (ca94b046-45e2-444f-a862-dc8ce262a516)
add Policy Microsoft Managed Control 1351 - Incident Response Policy And Procedures (bcfb6683-05e5-4ce6-9723-c3fbe9896bdd)
add Policy Microsoft Managed Control 1202 - Access Restrictions For Change (40a2a83b-74f2-4c02-ae65-f460a5d2792a)
add Policy Microsoft Managed Control 1394 - System Maintenance Policy And Procedures (4db56f68-3f50-45ab-88f3-ca46f5379a94)
add Policy Microsoft Managed Control 1154 - System Interconnections | Unclassified Non-National Security System Connections (e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a)
add Policy Microsoft Managed Control 1414 - Remote Maintenance (2ce63a52-e47b-4ae2-adbb-6e40d967f9e6)
add Policy Microsoft Managed Control 1723 - Information Input Validation (e91927a0-ac1d-44a0-95f8-5185f9dfce9f)
add Policy Microsoft Managed Control 1531 - Third-Party Personnel Security (f0643e0c-eee5-4113-8684-c608d05c5236)
add Policy Microsoft Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate Access (7741669e-d4f6-485a-83cb-e70ce7cbbc20)
add Policy Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys (506814fa-b930-4b10-894e-a45b98c40e1a)
add Policy Microsoft Managed Control 1245 - Contingency Plan (a0e45314-57b8-4623-80cd-bbb561f59516)
add Policy Microsoft Managed Control 1171 - Penetration Testing | Independent Penetration Agent Or Team (6d4820bc-8b61-4982-9501-2123cb776c00)
add Policy Microsoft Managed Control 1718 - Software & Information Integrity | Binary Or Machine Executable Code (0dced7ab-9ce5-4137-93aa-14c13e06ab17)
add Policy Microsoft Managed Control 1059 - Remote Access (a29b5d9f-4953-4afe-b560-203a6410b6b4)
add Policy Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies (426c4ac9-ff17-49d0-acd7-a13c157081c0)
add Policy Microsoft Managed Control 1087 - Security Awareness And Training Policy And Procedures (100c82ba-42e9-4d44-a2ba-94b209248583)
add Policy Microsoft Managed Control 1039 - Least Privilege | Review Of User Privileges (3a7b9de4-a8a2-4672-914d-c5f6752aa7f9)
add Policy Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals (6fdefbf4-93e7-4513-bc95-c1858b7093e0)
add Policy Microsoft Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source) (1cb067d5-c8b5-4113-a7ee-0a493633924b)
add Policy Microsoft Managed Control 1326 - Authenticator Management (8605fc00-1bf5-4fb3-984e-c95cec4f231d)
add Policy Microsoft Managed Control 1310 - Device Identification And Authentication (450d7ede-823d-4931-a99d-57f6a38807dc)
add Policy Microsoft Managed Control 1137 - Audit Generation (4344df62-88ab-4637-b97b-bcaf2ec97e7c)
add Policy Microsoft Managed Control 1324 - Authenticator Management (8cfea2b3-7f77-497e-ac20-0752f2ff6eee)
add Policy Microsoft Managed Control 1145 - Security Assessments (a0724970-9c75-4a64-a225-a28002953f28)
add Policy Microsoft Managed Control 1323 - Authenticator Management (abe8f70b-680f-470c-9b86-a7edfb664ecc)
add Policy Microsoft Managed Control 1106 - Audit Events | Reviews And Updates (d2b4feae-61ab-423f-a4c5-0e38ac4464d8)
add Policy Microsoft Managed Control 1096 - Role-Based Security Training | Practical Exercises (420c1477-aa43-49d0-bd7e-c4abdd9addff)
add Policy Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System (a2567a23-d1c3-4783-99f3-d471302a4d6b)
add Policy Microsoft Managed Control 1650 - Public Key Infrastructure Certificates (201d3740-bd16-4baf-b4b8-7cda352228b7)
add Policy Microsoft Managed Control 1186 - Configuration Change Control (b95ba3bd-4ded-49ea-9d10-c6f4b680813d)
add Policy Microsoft Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level Adjustment (03996055-37a4-45a5-8b70-3f1caa45f87d)
add Policy Microsoft Managed Control 1487 - Alternate Work Site (e9c3371d-c30c-4f58-abd9-30b8a8199571)
add Policy Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates (12623e7e-4736-4b2e-b776-c1600f35f93a)
add Policy Microsoft Managed Control 1330 - Authenticator Management | Password-Based Authentication (f75cedb2-5def-4b31-973e-b69e8c7bd031)
add Policy Microsoft Managed Control 1371 - Incident Reporting (9447f354-2c85-4700-93b3-ecdc6cb6a417)
add Policy Microsoft Managed Control 1456 - Physical Access Control (733ba9e3-9e7c-440a-a7aa-6196a90a2870)
add Policy Microsoft Managed Control 1420 - Maintenance Personnel (05ae08cc-a282-413b-90c7-21a2c60b8404)
add Policy Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions (f3793f5e-937f-44f7-bfba-40647ef3efa0)
add Policy Microsoft Managed Control 1261 - Contingency Plan Testing (65aeceb5-a59c-4cb1-8d82-9c474be5d431)
add Policy Microsoft Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time Source (71bb965d-4047-4623-afd4-b8189a58df5d)
add Policy Microsoft Managed Control 1068 - Wireless Access Restrictions (2d045bca-a0fd-452e-9f41-4ec33769717c)
add Policy Microsoft Managed Control 1397 - Controlled Maintenance (391af4ab-1117-46b9-b2c7-78bbd5cd995b)
add Policy Microsoft Managed Control 1272 - Alternate Processing Site (ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8)
add Policy Microsoft Managed Control 1142 - Certification, Authorization, Security Assessment Policy And Procedures (01524fa8-4555-48ce-ba5f-c3b8dcef5147)
add Policy Microsoft Managed Control 1263 - Contingency Plan Testing (41472613-3b05-49f6-8fe8-525af113ce17)
add Policy Microsoft Managed Control 1493 - System Security Plan (22b469b3-fccf-42da-aa3b-a28e6fb113ce)
add Policy Microsoft Managed Control 1499 - Rules Of Behavior (e59671ab-9720-4ee2-9c60-170e8c82251e)
add Policy Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans (47bc7ea0-7d13-4f7c-a154-b903f7194253)
add Policy Microsoft Managed Control 1086 - Publicly Accessible Content (fb321e6f-16a0-4be3-878f-500956e309c5)
add Policy Microsoft Managed Control 1709 - Security Functionality Verification (025992d6-7fee-4137-9bbf-2ffc39c0686c)
add Policy Microsoft Managed Control 1360 - Incident Handling (be5b05e7-0b82-4ebc-9eda-25e447b1a41e)
add Policy Microsoft Managed Control 1389 - Information Spillage Response (c39e6fda-ae70-4891-a739-be7bba6d1062)
add Policy Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys (afbd0baf-ff1a-4447-a86f-088a97347c0c)
add Policy Microsoft Managed Control 1706 - Security Alerts & Advisories (f475ee0e-f560-4c9b-876b-04a77460a404)
add Policy Microsoft Managed Control 1094 - Role-Based Security Training (4b1853e0-8973-446b-b567-09d901d31a09)
add Policy Microsoft Managed Control 1391 - Information Spillage Response | Training (dd6ac1a1-660e-4810-baa8-74e868e2ed47)
add Policy Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting (0b653845-2ad9-4e09-a4f3-5a7c1d78353d)
add Policy Microsoft Managed Control 1566 - System Development Life Cycle (50ad3724-e2ac-4716-afcc-d8eabd97adb9)
add Policy Microsoft Managed Control 1047 - System Use Notification (e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62)
add Policy Microsoft Managed Control 1518 - Personnel Termination (0d58f734-c052-40e9-8b2f-a1c2bff0b815)
add Policy Microsoft Managed Control 1670 - Flaw Remediation (c6108469-57ee-4666-af7e-79ba61c7ae0c)
add Policy Microsoft Managed Control 1469 - Power Equipment And Cabling (f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd)
add Policy Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption (4708723f-e099-4af1-bbf9-b6df7642e444)
add Policy Microsoft Managed Control 1575 - Acquisitions Process | Functional Properties Of Security Controls (93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41)
add Policy Microsoft Managed Control 1470 - Emergency Shutoff (c89ba09f-2e0f-44d0-8095-65b05bd151ef)
add Policy Microsoft Managed Control 1103 - Audit Events (16feeb31-6377-437e-bbab-d7f73911896d)
add Policy Microsoft Managed Control 1175 - Configuration Management Policy And Procedures (6dab4254-c30d-4bb7-ae99-1d21586c063c)
add Policy Microsoft Managed Control 1442 - Media Sanitization And Disposal | Nondestructive Techniques (4f26049b-2c5a-4841-9ff3-d48a26aae475)
add Policy Microsoft Managed Control 1038 - Least Privilege | Privileged Accounts (26692e88-71b7-4a5f-a8ac-9f31dd05bd8e)
add Policy Microsoft Managed Control 1316 - Identifier Management | Identify User Status (8ce14753-66e5-465d-9841-26ef55c09c0d)
add Policy Microsoft Managed Control 1528 - Access Agreements (deb9797c-22f8-40e8-b342-a84003c924e6)
add Policy Microsoft Managed Control 1468 - Visitor Access Records | Automated Records Maintenance / Review (75603f96-80a1-4757-991d-5a1221765ddd)
add Policy Microsoft Managed Control 1422 - Maintenance Personnel (ea556850-838d-4a37-8ce5-9d7642f95e11)
add Policy Microsoft Managed Control 1001 - Access Control Policy And Procedures Requirements (4e26f8c3-4bf3-4191-b8fc-d888805101b7)
add Policy Microsoft Managed Control 1685 - Information System Monitoring (36b0ef30-366f-4b1b-8652-a3511df11f53)
add Policy Microsoft Managed Control 1162 - Continuous Monitoring (5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592)
add Policy Microsoft Managed Control 1548 - Vulnerability Scanning (3afe6c78-6124-4d95-b85c-eb8c0c9539cb)
add Policy Microsoft Managed Control 1022 - Account Management | Shared / Group Account Credential Termination (411f7e2d-9a0b-4627-a0b9-1700432db47d)
add Policy Microsoft Managed Control 1155 - System Interconnections | Restrictions On External System Connections (4d33f9f1-12d0-46ad-9fbd-8f8046694977)
add Policy Microsoft Managed Control 1248 - Contingency Plan (50fc602d-d8e0-444b-a039-ad138ee5deb0)
add Policy Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges (e0de232d-02a0-4652-872d-88afb4ae5e91)
add Policy Microsoft Managed Control 1184 - Configuration Change Control (13579d0e-0ab0-4b26-b0fb-d586f6d7ed20)
add Policy Microsoft Managed Control 1381 - Incident Response Plan (e5368258-9684-4567-8126-269f34e65eab)
add Policy Microsoft Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation With Physical Monitoring (c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1)
add Policy Microsoft Managed Control 1190 - Configuration Change Control (c66a3d1e-465b-4f28-9da5-aef701b59892)
add Policy Microsoft Managed Control 1415 - Remote Maintenance (61a1dd98-b259-4840-abd5-fbba7ee0da83)
add Policy Microsoft Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities (0a560d32-8075-4fec-9615-9f7c853f4ea9)
add Policy Microsoft Managed Control 1617 - Application Partitioning (a631d8f5-eb81-4f9d-9ee1-74431371e4a3)
add Policy Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication (77f56280-e367-432a-a3b9-8ca2aa636a26)
add Policy Microsoft Managed Control 1436 - Media Transport (28aab8b4-74fd-4b7c-9080-5a7be525d574)
add Policy Microsoft Managed Control 1533 - Third-Party Personnel Security (bba2a036-fb3b-4261-b1be-a13dfb5fbcaa)
add Policy Microsoft Managed Control 1489 - Location Of Information System Components (9d0a794f-1444-4c96-9534-e35fc8c39c91)
add Policy Microsoft Managed Control 1653 - Mobile Code (6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b)
add Policy Microsoft Managed Control 1455 - Physical Access Control (068a88d4-e520-434e-baf0-9005a8164e6a)
add Policy Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations (21839937-d241-4fa5-95c6-b669253d9ab9)
add Policy Microsoft Managed Control 1054 - Session Termination (5807e1b4-ba5e-4718-8689-a0ca05a191b2)
add Policy Microsoft Managed Control 1319 - Authenticator Management (66f7ae57-5560-4fc5-85c9-659f204e7a42)
add Policy Microsoft Managed Control 1561 - Allocation Of Resources (40364c3f-c331-4e29-b1e3-2fbe998ba2f5)
add Policy Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration (4c615c2a-dc83-4dda-8220-abce7b50c9bc)
add Policy Microsoft Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes (81f11e32-a293-4a58-82cd-134af52e2318)
add Policy Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management (a9a08d1c-09b1-48f1-90ea-029bbdf7111e)
add Policy Microsoft Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit Trail (90d8b8ad-8ee3-4db7-913f-2a53fcff5316)
add Policy Microsoft Managed Control 1471 - Emergency Shutoff (7dd0e9ce-1772-41fb-a50a-99977071f916)
add Policy Microsoft Managed Control 1201 - Security Impact Analysis | Separate Test Environments (7daef997-fdd3-461b-8807-a608a6dd70f1)
add Policy Microsoft Managed Control 1447 - Physical Access Authorizations (b9783a99-98fe-4a95-873f-29613309fe9a)
add Policy Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication (78255758-6d45-4bf0-a005-7016bc03b13c)
add Policy Microsoft Managed Control 1147 - Security Assessments (8fef824a-29a8-4a4c-88fc-420a39c0d541)
add Policy Microsoft Managed Control 1267 - Alternate Storage Site (4e97ba1d-be5d-4953-8da4-0cccf28f4805)
add Policy Microsoft Managed Control 1112 - Response To Audit Processing Failures (d530aad8-4ee2-45f4-b234-c061dae683c0)
add Policy Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures (2006457a-48b3-4f7b-8d2e-1532287f9929)
add Policy Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions (8dc459b3-0e77-45af-8d71-cfd8c9654fe2)
add Policy Microsoft Managed Control 1107 - Content Of Audit Records (b29ed931-8e21-4779-8458-27916122a904)
add Policy Microsoft Managed Control 1467 - Visitor Access Records (5350cbf9-8bdd-4904-b22a-e88be84ca49d)
add Policy Microsoft Managed Control 1477 - Fire Protection | Detection Devices / Systems (4862a63c-6c74-4a9d-a221-89af3c374503)
add Policy Microsoft Managed Control 1602 - Developer Security Testing And Evaluation (ddae2e97-a449-499f-a1c8-aea4a7e52ec9)
add Policy Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts (544a208a-9c3f-40bc-b1d1-d7e144495c14)
add Policy Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions (704e136a-4fe0-427c-b829-cd69957f5d2b)
add Policy Microsoft Managed Control 1679 - Malicious Code Protection (2cf42a28-193e-41c5-98df-7688e7ef0a88)
add Policy Microsoft Managed Control 1569 - Acquisitions Process (ad2f8e61-a564-4dfd-8eaa-816f5be8cb34)
add Policy Microsoft Managed Control 1534 - Personnel Sanctions (8b2b263e-cd05-4488-bcbf-4debec7a17d9)
add Policy Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection (c158eb1c-ae7e-4081-8057-d527140c4e0c)
add Policy Microsoft Managed Control 1541 - Risk Assessment (70f6af82-7be6-44aa-9b15-8b9231b2e434)
add Policy Microsoft Managed Control 1710 - Security Functionality Verification (af2a93c8-e6dd-4c94-acdd-4a2eedfc478e)
add Policy Microsoft Managed Control 1480 - Temperature And Humidity Controls (18a767cc-1947-4338-a240-bc058c81164f)
add Policy Microsoft Managed Control 1666 - System And Information Integrity Policy And Procedures (12e30ee3-61e6-4509-8302-a871e8ebb91e)
add Policy Microsoft Managed Control 1014 - Account Management | Removal Of Temporary / Emergency Accounts (5dee936c-8037-4df1-ab35-6635733da48c)
add Policy Microsoft Managed Control 1153 - System Interconnections (61cf3125-142c-4754-8a16-41ab4d529635)
add Policy Microsoft Managed Control 1672 - Flaw Remediation | Central Management (b45fe972-904e-45a4-ac20-673ba027a301)
add Policy Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations (4116891d-72f7-46ee-911c-8056cc8dcbd5)
add Policy Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection (62b638c5-29d7-404b-8d93-f21e4b1ce198)
add Policy Microsoft Managed Control 1216 - Least Functionality | Periodic Review (7894fe6a-f5cb-44c8-ba90-c3f254ff9484)
add Policy Microsoft Managed Control 1603 - Developer Security Testing And Evaluation (2b909c26-162f-47ce-8e15-0c1f55632eac)
add Policy Microsoft Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review And Analysis (845f6359-b764-4b40-b579-657aefe23c44)
add Policy Microsoft Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal (a2596a9f-e59f-420d-9625-6e0b536348be)
add Policy Microsoft Managed Control 1494 - System Security Plan (9ed09d84-3311-4853-8b67-2b55dfa33d09)
add Policy Microsoft Managed Control 1092 - Security Awareness | Insider Threat (8a29d47b-8604-4667-84ef-90d203fcb305)
add Policy Microsoft Managed Control 1260 - Contingency Training | Simulated Events (42254fc4-2738-4128-9613-72aaa4f0d9c3)
add Policy Microsoft Managed Control 1395 - System Maintenance Policy And Procedures (7207a023-a517-41c5-9df2-09d4c6845a05)
add Policy Microsoft Managed Control 1095 - Role-Based Security Training (bc3f6f7a-057b-433e-9834-e8c97b0194f6)
add Policy Microsoft Managed Control 1127 - Time Stamps (3ce328db-aef3-48ed-9f81-2ab7cf839c66)
add Policy Microsoft Managed Control 1205 - Access Restrictions For Change | Signed Components (5b070cab-0fb8-4e48-ad29-fc90b4c2797c)
add Policy Microsoft Managed Control 1169 - Continuous Monitoring | Trend Analyses (e7ba2cb3-5675-4468-8b50-8486bdd998a5)
add Policy Microsoft Managed Control 1176 - Baseline Configuration (c30690a5-7bf3-467f-b0cd-ef5c7c7449cd)
add Policy Microsoft Managed Control 1374 - Incident Response Assistance (cc5c8616-52ef-4e5e-8000-491634ed9249)
add Policy Microsoft Managed Control 1193 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (f5fd629f-3075-4cae-ab53-bad65495a4ac)
add Policy Microsoft Managed Control 1247 - Contingency Plan (4e666db5-b2ef-4b06-aac6-09bfce49151b)
add Policy Microsoft Managed Control 1033 - Separation Of Duties (48540f01-fc11-411a-b160-42807c68896e)
add Policy Microsoft Managed Control 1356 - Incident Response Training | Simulated Events (8829f8f5-e8be-441e-85c9-85b72a5d0ef3)
add Policy Microsoft Managed Control 1466 - Visitor Access Records (0d943a9c-a6f1-401f-a792-740cdb09c451)
add Policy Microsoft Managed Control 1720 - Spam Protection (44b9a7cd-f36a-491a-a48b-6d04ae7c4221)
add Policy Microsoft Managed Control 1196 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes (4e7f4ea4-dd62-44f6-8886-ac6137cf52b0)
add Policy Microsoft Managed Control 1524 - Personnel Transfer (72f1cb4e-2439-4fe8-88ea-b8671ce3c268)
add Policy Microsoft Managed Control 1676 - Malicious Code Protection (c10fb58b-56a8-489e-9ce3-7ffe24e78e4b)
add Policy Microsoft Managed Control 1069 - Wireless Access Restrictions | Authentication And Encryption (91c97b44-791e-46e9-bad7-ab7c4949edbb)
add Policy Microsoft Managed Control 1437 - Media Transport | Cryptographic Protection (6d1eb6ed-bf13-4046-b993-b9e2aef0f76c)
add Policy Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management | Availability (a7211477-c970-446b-b4af-062f37461147)
add Policy Microsoft Managed Control 1478 - Fire Protection | Suppression Devices / Systems (f997df46-cfbb-4cc8-aac8-3fecdaf6a183)
add Policy Microsoft Managed Control 1542 - Risk Assessment (eab340d0-3d55-4826-a0e5-feebfeb0131d)
add Policy Microsoft Managed Control 1298 - Identification And Authentication Policy And Procedures (1dc784b5-4895-4d27-9d40-a06b032bd1ee)
add Policy Microsoft Managed Control 1143 - Certification, Authorization, Security Assessment Policy And Procedures (7c6de11b-5f51-4f7c-8d83-d2467c8a816e)
add Policy Microsoft Managed Control 1473 - Emergency Power (d7047705-d719-46a7-8bb0-76ad233eba71)
add Policy Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions (facb66e0-1c48-478a-bed5-747a312323e1)
add Policy Microsoft Managed Control 1726 - Information Output Handling And Retention (baff1279-05e0-4463-9a70-8ba5de4c7aa4)
add Policy Microsoft Managed Control 1492 - System Security Plan (7ad5f307-e045-46f7-8214-5bdb7e973737)
add Policy Microsoft Managed Control 1013 - Account Management | Automated System Account Management (8fd7b917-d83b-4379-af60-51e14e316c61)
add Policy Microsoft Managed Control 1239 - User-Installed Software (0be51298-f643-4556-88af-d7db90794879)
add Policy Microsoft Managed Control 1382 - Incident Response Plan (841392b3-40da-4473-b328-4cde49db67b3)
add Policy Microsoft Managed Control 1287 - Information System Backup (819dc6da-289d-476e-8500-7e341ef8677d)
add Policy Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification (0004bbf0-5099-4179-869e-e9ffe5fb0945)
add Policy Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability (5bbda922-0172-4095-89e6-5b4a0bf03af7)
add Policy Microsoft Managed Control 1448 - Physical Access Authorizations (825d6494-e583-42f2-a3f2-6458e6f0004f)
add Policy Microsoft Managed Control 1538 - Security Categorization (1d7658b2-e827-49c3-a2ae-6d2bd0b45874)
add Policy Microsoft Managed Control 1355 - Incident Response Training (90e01f69-3074-4de8-ade7-0fef3e7d83e0)
add Policy Microsoft Managed Control 1583 - Information System Documentation (0882d488-8e80-4466-bc0f-0cd15b6cb66d)
add Policy Microsoft Managed Control 1517 - Personnel Termination (8f5ad423-50d6-4617-b058-69908f5586c9)
add Policy Microsoft Managed Control 1613 - Developer Security Architecture And Design (fe2ad78b-8748-4bff-a924-f74dfca93f30)
add Policy Microsoft Managed Control 1244 - Contingency Plan (6a13a8f8-c163-4b1b-8554-d63569dab937)
add Policy Microsoft Managed Control 1503 - Information Security Architecture (c1fa9c2f-d439-4ab9-8b83-81fb1934f81d)
add Policy Microsoft Managed Control 1306 - User Identification And Authentication | Network Access To Privileged Accounts - Replay... (cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff)
add Policy Microsoft Managed Control 1622 - Boundary Protection (ecf56554-164d-499a-8d00-206b07c27bed)
add Policy Microsoft Managed Control 1174 - Configuration Management Policy And Procedures (42a9a714-8fbb-43ac-b115-ea12d2bd652f)
add Policy Microsoft Managed Control 1003 - Account Management (3b68b179-3704-4ff7-b51d-7d65374d165d)
add Policy Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan (01f7726b-db54-45c2-bcb5-9bd7a43796ee)
add Policy Microsoft Managed Control 1384 - Information Spillage Response (79fbc228-461c-4a45-9004-a865ca0728a7)
add Policy Microsoft Managed Control 1428 - Media Access (0a77fcc7-b8d8-451a-ab52-56197913c0c7)
add Policy Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan (b4f9b47a-2116-4e6f-88db-4edbf22753f1)
add Policy Microsoft Managed Control 1662 - Fail In Known State (165cb91f-7ea8-4ab7-beaf-8636b98c9d15)
add Policy Microsoft Managed Control 1719 - Spam Protection (c13da9b4-fe14-4fe2-853a-5997c9d4215a)
add Policy Microsoft Managed Control 1507 - Personnel Security Policy And Procedures (86ccd1bf-e7ad-4851-93ce-6ec817469c1e)
add Policy Microsoft Managed Control 1002 - Account Management (632024c2-8079-439d-a7f6-90af1d78cc65)
add Policy Microsoft Managed Control 1083 - Publicly Accessible Content (4e319cb6-2ca3-4a58-ad75-e67f484e50ec)
add Policy Microsoft Managed Control 1400 - Controlled Maintenance (a96d5098-a604-4cdf-90b1-ef6449a27424)
add Policy Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes (ea3e8156-89a1-45b1-8bd6-938abc79fdfd)
add Policy Microsoft Managed Control 1684 - Information System Monitoring (16bfdb59-db38-47a5-88a9-2e9371a638cf)
add Policy Microsoft Managed Control 1587 - External Information System Services (32820956-9c6d-4376-934c-05cd8525be7c)
add Policy Microsoft Managed Control 1445 - Physical And Environmental Protection Policy And Procedures (32d07d59-2716-4972-b37b-214a67ac4a37)
add Policy Microsoft Managed Control 1378 - Incident Response Plan (97fceb70-6983-42d0-9331-18ad8253184d)
add Policy Microsoft Managed Control 1017 - Account Management | Inactivity Logout (0fc3db37-e59a-48c1-84e9-1780cedb409e)
add Policy Microsoft Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation (49b99653-32cd-405d-a135-e7d60a9aae1f)
add Policy Microsoft Managed Control 1366 - Incident Handling | Information Correlation (06c45c30-ae44-4f0f-82be-41331da911cc)
add Policy Microsoft Managed Control 1097 - Role-Based Security Training | Suspicious Communications And Anomalous System Behavior (cf3e4836-f19e-47eb-a8cd-c3ca150452c0)
add Policy Microsoft Managed Control 1636 - Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components (7b694eed-7081-43c6-867c-41c76c961043)
add Policy Microsoft Managed Control 1571 - Acquisitions Process (b11c985b-f2cd-4bd7-85f4-b52426edf905)
add Policy Microsoft Managed Control 1093 - Role-Based Security Training (7a0bdeeb-15f4-47e8-a1da-9f769f845fdf)
add Policy Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis (924e1b2d-c502-478f-bfdb-a7e09a0d5c01)
add Policy Microsoft Managed Control 1441 - Media Sanitization And Disposal | Equipment Testing (6519d7f3-e8a2-4ff3-a935-9a9497152ad7)
add Policy Microsoft Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows (d3531453-b869-4606-9122-29c1cd6e7ed1)
add Policy Microsoft Managed Control 1045 - Unsuccessful Logon Attempts (554d2dd6-f3a8-4ad5-b66f-5ce23bd18892)
add Policy Microsoft Managed Control 1635 - Boundary Protection | Host-Based Protection (87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e)
add Policy Microsoft Managed Control 1443 - Media Use (cd0ec6fa-a2e7-4361-aee4-a8688659a9ed)
add Policy Microsoft Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers At Logout (4c643c9a-1be7-4016-a5e7-e4bada052920)
add Policy Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas (5352e3e0-e63a-452e-9e5f-9c1d181cff9c)
add Policy Microsoft Managed Control 1519 - Personnel Termination (2f13915a-324c-4ab8-b45c-2eefeeefb098)
add Policy Microsoft Managed Control 1701 - Information System Monitoring | Host-Based Devices (f25bc08f-27cb-43b6-9a23-014d00700426)
add Policy Microsoft Managed Control 1572 - Acquisitions Process (04f5fb00-80bb-48a9-a75b-4cb4d4c97c36)
add Policy Microsoft Managed Control 1279 - Telecommunications Services (7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0)
add Policy Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers (68434bd1-e14b-4031-9edb-a4adf5f84a67)
add Policy Microsoft Managed Control 1522 - Personnel Transfer (38b470cc-f939-4a15-80e0-9f0c74f2e2c9)
add Policy Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis (0062eb8b-dc75-4718-8ea5-9bb4a9606655)
add Policy Microsoft Managed Control 1144 - Security Assessments (2fa15ff1-a693-4ee4-b094-324818dc9a51)
add Policy Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic (7ecda928-9df4-4dd7-8f44-641a91e470e8)
add Policy Microsoft Managed Control 1525 - Personnel Transfer (9be2f688-7a61-45e3-8230-e1ec93893f66)
add Policy Microsoft Managed Control 1475 - Emergency Lighting (34a63848-30cf-4081-937e-ce1a1c885501)
add Policy Microsoft Managed Control 1686 - Information System Monitoring (e17085c5-0be8-4423-b39b-a52d3d1402e5)
add Policy Microsoft Managed Control 1404 - Maintenance Tools (13d8f903-0cd6-449f-a172-50f6579c182b)
add Policy Microsoft Managed Control 1159 - Security Authorization (0925f098-7877-450b-8ba4-d1e55f2d8795)
add Policy Microsoft Managed Control 1011 - Account Management (7e6a54f3-883f-43d5-87c4-172dfd64a1f5)
add Policy Microsoft Managed Control 1223 - Information System Component Inventory (05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a)
add Policy Microsoft Managed Control 1320 - Authenticator Management (6f54c732-71d4-4f93-a696-4e373eca3a77)
add Policy Microsoft Managed Control 1514 - Personnel Screening | Information With Special Protection Measures (9ed5ca00-0e43-434e-a018-7aab91461ba7)
add Policy Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions (fa108498-b3a8-4ffb-9e79-1107e76afad3)
add Policy Microsoft Managed Control 1438 - Media Sanitization And Disposal (40fcc635-52a2-4dbc-9523-80a1f4aa1de6)
add Policy Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status (dff0b90d-5a6f-491c-b2f8-b90aa402d844)
add Policy Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service (dc43e829-3d50-4a0a-aa0f-428d551862aa)
add Policy Microsoft Managed Control 1383 - Incident Response Plan (d4558451-e16a-4d2d-a066-fe12a6282bb9)
add Policy Microsoft Managed Control 1249 - Contingency Plan (d3bf4251-0818-42db-950b-afd5b25a51c2)
add Policy Microsoft Managed Control 1405 - Maintenance Tools | Inspect Tools (fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b)
add Policy Microsoft Managed Control 1150 - Security Assessments | External Organizations (d630429d-e763-40b1-8fba-d20ba7314afb)
add Policy Microsoft Managed Control 1704 - Security Alerts & Advisories (2d44b6fa-1134-4ea6-ad4e-9edb68f65429)
add Policy Microsoft Managed Control 1432 - Media Storage (1140e542-b80d-4048-af45-3f7245be274b)
add Policy Microsoft Managed Control 1362 - Incident Handling (5d169442-d6ef-439b-8dca-46c2c3248214)
add Policy Microsoft Managed Control 1614 - Developer Security Architecture And Design (8154e3b3-cc52-40be-9407-7756581d71f6)
add Policy Microsoft Managed Control 1000 - Access Control Policy And Procedures Requirements (2ef3cc79-733e-48ed-ab6f-7bf439e9b406)
add Policy Microsoft Managed Control 1549 - Vulnerability Scanning (d6976a08-d969-4df2-bb38-29556c2eb48a)
add Policy Microsoft Managed Control 1620 - Denial Of Service Protection (d17c826b-1dec-43e1-a984-7b71c446649c)
add Policy Microsoft Managed Control 1581 - Information System Documentation (742b549b-7a25-465f-b83c-ea1ffb4f4e0e)
add Policy Microsoft Managed Control 1725 - Error Handling (afc234b5-456b-4aa5-b3e2-ce89108124cc)
add Policy Microsoft Managed Control 1584 - Information System Documentation (5864522b-ff1d-4979-a9f8-58bee1fb174c)
add Policy Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays (769efd9b-3587-4e22-90ce-65ddcd5bd969)
add Policy Microsoft Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals (bf296b8c-f391-4ea4-9198-be3c9d39dd1f)
add Policy Microsoft Managed Control 1230 - Configuration Management Plan (11158848-f679-4e9b-aa7b-9fb07d945071)
add Policy Microsoft Managed Control 1146 - Security Assessments (dd83410c-ecb6-4547-8f14-748c3cbdc7ac)
add Policy Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities (2e3c5583-1729-4d36-8771-59c32f090a22)
add Policy Microsoft Managed Control 1462 - Monitoring Physical Access (9b1f3a9a-13a1-4b40-8420-36bca6fd8c02)
add Policy Microsoft Managed Control 1327 - Authenticator Management | Password-Based Authentication (03188d8f-1ae5-4fe1-974d-2d7d32ef937d)
add Policy Microsoft Managed Control 1677 - Malicious Code Protection (4a248e1e-040f-43e5-bff2-afc3a57a3923)
add Policy Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site (a23d9d53-ad2e-45ef-afd5-e6d10900a737)
add Policy Microsoft Managed Control 1232 - Configuration Management Plan (396ba986-eac1-4d6d-85c4-d3fda6b78272)
add Policy Microsoft Managed Control 1158 - Security Authorization (fff50cf2-28eb-45b4-b378-c99412688907)
add Policy Microsoft Managed Control 1453 - Physical Access Control (9693b564-3008-42bc-9d5d-9c7fe198c011)
add Policy Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures (1d50f99d-1356-49c0-934a-45f742ba7783)
add Policy Microsoft Managed Control 1334 - Authenticator Management | Pki-Based Authentication (44bfdadc-8c2e-4c30-9c99-f005986fabcd)
add Policy Microsoft Managed Control 1100 - Audit And Accountability Policy And Procedures (4057863c-ca7d-47eb-b1e0-503580cba8a4)
add Policy Microsoft Managed Control 1490 - Security Planning Policy And Procedures (9e61da80-0957-4892-b70c-609d5eaafb6b)
add Policy Microsoft Managed Control 1637 - Boundary Protection | Fail Secure (4075bedc-c62a-4635-bede-a01be89807f3)
add Policy Microsoft Managed Control 1597 - Developer Configuration Management (68b250ec-2e4f-4eee-898a-117a9fda7016)
add Policy Microsoft Managed Control 1354 - Incident Response Training (9fd92c17-163a-4511-bb96-bbb476449796)
add Policy Microsoft Managed Control 1290 - Information System Backup (92f85ce9-17b7-49ea-85ee-ea7271ea6b82)
add Policy Microsoft Managed Control 1396 - Controlled Maintenance (276af98f-4ff9-4e69-99fb-c9b2452fb85f)
add Policy Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling (d03516cf-0293-489f-9b32-a18f2a79f836)
add Policy Microsoft Managed Control 1314 - Identifier Management (ef0c8530-efd9-45b8-b753-f03083d06295)
add Policy Microsoft Managed Control 1440 - Media Sanitization And Disposal | Review / Approve / Track / Document / Verify (881299bf-2a5b-4686-a1b2-321d33679953)
add Policy Microsoft Managed Control 1070 - Wireless Access Restrictions | Disable Wireless Networking (68f837d0-8942-4b1e-9b31-be78b247bda8)
add Policy Microsoft Managed Control 1361 - Incident Handling (03ed3be1-7276-4452-9a5d-e4168565ac67)
add Policy Microsoft Managed Control 1527 - Access Agreements (2823de66-332f-4bfd-94a3-3eb036cd3b67)
add Policy Microsoft Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication (283a4e29-69d5-4c94-b99e-29acf003c899)
add Policy Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception (74ae9b8e-e7bb-4c9c-992f-c535282f7a2c)
add Policy Microsoft Managed Control 1425 - Timely Maintenance (5983d99c-f39b-4c32-a3dc-170f19f6941b)
add Policy Microsoft Managed Control 1315 - Identifier Management (3aa87116-f1a1-4edb-bfbf-14e036f8d454)
add Policy Microsoft Managed Control 1500 - Rules Of Behavior (9dd5b241-03cb-47d3-a5cd-4b89f9c53c92)
add Policy Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication (382016f3-d4ba-4e15-9716-55077ec4dc2a)
add Policy Microsoft Managed Control 1207 - Access Restrictions For Change | Limit Production / Operational Privileges (8713a0ed-0d1e-4d10-be82-83dffb39830e)
add Policy Microsoft Managed Control 1008 - Account Management (8356cfc6-507a-4d20-b818-08038011cd07)
add Policy Microsoft Managed Control 1508 - Position Categorization (76f500cc-4bca-4583-bda1-6d084dc21086)
add Policy Microsoft Managed Control 1009 - Account Management (b26f8610-e615-47c2-abd6-c00b2b0b503a)
add Policy Microsoft Managed Control 1564 - System Development Life Cycle (157f0ef9-143f-496d-b8f9-f8c8eeaad801)
add Policy Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use (8e5ef485-9e16-4c53-a475-fbb8107eac59)
add Policy Microsoft Managed Control 1084 - Publicly Accessible Content (d0eb15db-dd1c-4d1d-b200-b12dd6cd060c)
add Policy Microsoft Managed Control 1399 - Controlled Maintenance (2256e638-eb23-480f-9e15-6cf1af0a76b3)
add Policy Microsoft Managed Control 1717 - Software & Information Integrity | Binary Or Machine Executable Code (967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef)
add Policy Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support (00379355-8932-4b52-b63a-3bc6daf3451a)
add Policy Microsoft Managed Control 1594 - Developer Configuration Management (042ba2a1-8bb8-45f4-b080-c78cf62b90e9)
add Policy Microsoft Managed Control 1461 - Monitoring Physical Access (aafef03e-fea8-470b-88fa-54bd1fcd7064)
add Policy Microsoft Managed Control 1372 - Incident Reporting (25b96717-c912-4c00-9143-4e487f411726)
add Policy Microsoft Managed Control 1007 - Account Management (17200329-bf6c-46d8-ac6d-abf4641c2add)
add Policy Microsoft Managed Control 1134 - Protection Of Audit Information | Access By Subset Of Privileged Users (4e95f70e-181c-4422-9da2-43079710c789)
add Policy Microsoft Managed Control 1352 - Incident Response Policy And Procedures (518cb545-bfa8-43f8-a108-3b7d5037469a)
add Policy Microsoft Managed Control 1722 - Spam Protection | Automatic Updates (e1da06bd-25b6-4127-a301-c313d6873fff)
add Policy Microsoft Managed Control 1322 - Authenticator Management (9d1d971e-467e-4278-9633-c74c3d4fecc4)
add Policy Microsoft Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing (7f37f71b-420f-49bf-9477-9c0196974ecf)
add Policy Microsoft Managed Control 1289 - Information System Backup (7a724864-956a-496c-b778-637cb1d762cf)
add Policy Microsoft Managed Control 1702 - Information System Monitoring | Indicators Of Compromise (4dfc0855-92c4-4641-b155-a55ddd962362)
add Policy Microsoft Managed Control 1496 - System Security Plan (0ca96127-2f87-46ab-a4fc-0d2a786df1c8)
add Policy Microsoft Managed Control 1164 - Continuous Monitoring (0fb8d3ce-9e96-481c-9c68-88d4e3019310)
add Policy Microsoft Managed Control 1411 - Remote Maintenance (898d4fe8-f743-4333-86b7-0c9245d93e7d)
add Policy Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals (55419419-c597-4cd4-b51e-009fd2266783)
add Policy Microsoft Managed Control 1307 - User Identification And Authentication | Network Access To Non-Privileged Accounts - Replay... (84e622c8-4bed-417c-84c6-b2fb0dd73682)
add Policy Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period (93fd8af1-c161-4bae-9ba9-f62731f76439)
add Policy Microsoft Managed Control 1451 - Physical Access Control (e3f1e5a3-25c1-4476-8cb6-3955031f8e65)
add Policy Microsoft Managed Control 1495 - System Security Plan (f4978d0e-a596-48e7-9f8c-bbf52554ce8d)
add Policy Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses (baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca)
add Policy Microsoft Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal (d1880188-e51a-4772-b2ab-68f5e8bd27f6)
add Policy Microsoft Managed Control 1082 - Information Sharing (24d480ef-11a0-4b1b-8e70-4e023bf2be23)
add Policy Microsoft Managed Control 1654 - Voice Over Internet Protocol (0a2ee16e-ab1f-414a-800b-d1608835862b)
add Policy Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use (85c32733-7d23-4948-88da-058e2c56b60f)
add Policy Microsoft Managed Control 1211 - Configuration Settings (6a8b9dc8-6b00-4701-aa96-bba3277ebf50)
add Policy Microsoft Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert Exfiltration (f9873db2-18ad-46b3-a11a-1a1f8cbf0335)
add Policy Microsoft Managed Control 1066 - Remote Access | Disconnect / Disable Access (4455c2e8-c65d-4acf-895e-304916f90b36)
add Policy Microsoft Managed Control 1689 - Information System Monitoring (de901f2f-a01a-4456-97f0-33cda7966172)
add Policy Microsoft Managed Control 1065 - Remote Access | Privileged Commands / Access (f87b8085-dca9-4cf1-8f7b-9822b997797c)
add Policy Microsoft Managed Control 1450 - Physical Access Authorizations (134d7a13-ba3e-41e2-b236-91bfcfa24e01)
add Policy Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives (53c76a39-2097-408a-b237-b279f7b4614d)
add Policy Microsoft Managed Control 1578 - Acquisitions Process | Functions / Ports / Protocols / Services In Use (45b7b644-5f91-498e-9d89-7402532d3645)
add Policy Microsoft Managed Control 1379 - Incident Response Plan (9442dd2c-a07f-46cd-b55a-553b66ba47ca)
add Policy Microsoft Managed Control 1187 - Configuration Change Control (9f2b2f9e-4ba6-46c3-907f-66db138b6f85)
add Policy Microsoft Managed Control 1550 - Vulnerability Scanning (902908fb-25a8-4225-a3a5-5603c80066c9)
add Policy Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs (36fbe499-f2f2-41b6-880e-52d7ea1d94a5)
add Policy Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans (dd280d4b-50a1-42fb-a479-ece5878acf19)
add Policy Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment (41256567-1795-4684-b00b-a1308ce43cac)
add Policy Microsoft Managed Control 1648 - Collaborative Computing Devices (3a9eb14b-495a-4ebb-933c-ce4ef5264e32)
add Policy Microsoft Managed Control 1165 - Continuous Monitoring (47e10916-6c9e-446b-b0bd-ff5fd439d79d)
add Policy Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures (ca9a4469-d6df-4ab2-a42f-1213c396f0ec)
add Policy Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity (05a289ce-6a20-4b75-a0f3-dc8601b6acd0)
add Policy Microsoft Managed Control 1520 - Personnel Termination (7f2c513b-eb16-463b-b469-c10e5fa94f0a)
add Policy Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning (a328fd72-8ff5-4f96-8c9c-b30ed95db4ab)
add Policy Microsoft Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability (03ad326e-d7a1-44b1-9a76-e17492efc9e4)
add Policy Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories (a96f743d-a195-420d-983a-08aa06bc441e)
add Policy Microsoft Managed Control 1454 - Physical Access Control (ad58985d-ab32-4f99-8bd3-b7e134c90229)
add Policy Microsoft Managed Control 1386 - Information Spillage Response (5120193e-91fd-4f9d-bc6d-194f94734065)
add Policy Microsoft Managed Control 1050 - Concurrent Session Control (bd20184c-b4ec-4ce5-8db6-6e86352d183f)
add Policy Microsoft Managed Control 1435 - Media Transport (fa8d221b-d130-4637-ba16-501e666628bb)
add Policy Microsoft Managed Control 1591 - External Information System Services | Identification Of Functions / Ports / Protocols... (f751cdb7-fbee-406b-969b-815d367cb9b3)
add Policy Microsoft Managed Control 1301 - User Identification And Authentication | Network Access To Privileged Accounts (b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08)
add Policy Microsoft Managed Control 1044 - Unsuccessful Logon Attempts (0abbac52-57cf-450d-8408-1208d0dd9e90)
add Policy Microsoft Managed Control 1209 - Configuration Settings (ce669c31-9103-4552-ae9c-cdef4e03580d)
add Policy Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments (e4213689-05e8-4241-9d4e-8dd1cdafd105)
add Policy Microsoft Managed Control 1250 - Contingency Plan (8de614d8-a8b7-4f70-a62a-6d37089a002c)
add Policy Microsoft Managed Control 1570 - Acquisitions Process (a7fcf38d-bb09-4600-be7d-825046eb162a)
add Policy Microsoft Managed Control 1350 - Identification And Authentication (Non-Organizational Users) | Use Of Ficam-Issued Profiles (d77fd943-6ba6-4a21-ba07-22b03e347cc4)
add Policy Microsoft Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time Source (fd7c4c1d-51ee-4349-9dab-89a7f8c8d102)
add Policy Microsoft Managed Control 1329 - Authenticator Management | Password-Based Authentication (498f6234-3e20-4b6a-a880-cbd646d973bd)
add Policy Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses (391ff8b3-afed-405e-9f7d-ef2f8168d5da)
add Policy Microsoft Managed Control 1417 - Remote Maintenance | Comparable Security / Sanitization (7522ed84-70d5-4181-afc0-21e50b1b6d0e)
add Policy Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting (4cca950f-c3b7-492a-8e8f-ea39663c14f9)
add Policy Microsoft Managed Control 1712 - Software & Information Integrity (44e543aa-41db-42aa-98eb-8a5eb1db53f0)
add Policy Microsoft Managed Control 1128 - Time Stamps (ef212163-3bc4-4e86-bcf8-705127086393)
add Policy Microsoft Managed Control 1498 - Rules Of Behavior (633988b9-cf2f-4323-8394-f0d2af9cd6e1)
add Policy Microsoft Managed Control 1585 - Security Engineering Principles (d57f8732-5cdc-4cda-8d27-ab148e1f3a55)
add Policy Microsoft Managed Control 1485 - Delivery And Removal (50301354-95d0-4a11-8af5-8039ecf6d38b)
add Policy Microsoft Managed Control 1010 - Account Management (784663a8-1eb0-418a-a98c-24d19bc1bb62)
add Policy Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection (03b78f5e-4877-4303-b0f4-eb6583f25768)
add Policy Microsoft Managed Control 1544 - Risk Assessment (43ced7c9-cd53-456b-b0da-2522649a4271)
add Policy Microsoft Managed Control 1687 - Information System Monitoring (7a87fc7f-301e-49f3-ba2a-4d74f424fa97)
add Policy Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts (34cb7e92-fe4c-4826-b51e-8cd203fa5d35)
add Policy Microsoft Managed Control 1098 - Security Training Records (84363adb-dde3-411a-9fc1-36b56737f822)
add Policy Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity (6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912)
Policy count Total Policies: 741
Builtin Policies: 741
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
[Deprecated]: Azure Machine Learning workspaces should use private link 40cec1dd-a100-4920-b15b-3024fe8901ab Machine Learning Default
Audit
Allowed
Audit, Deny, Disabled		 0 Deprecated
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 Preview
[Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed 8dfab9c4-fe7b-49ad-85e4-1e9be085358f Kubernetes Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 Preview
[Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data 2e94d99a-8a36-4563-bc77-810d8893b671 Backup Default
Audit
Allowed
Audit, Deny, Disabled		 0 Preview
[Preview]: Certificates should have the specified maximum validity period 0a075868-4c26-42ef-914c-5bc007359560 Key Vault Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 Preview
[Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) 47031206-ce96-41f8-861b-6a915f3de284 Internet of Things Default
Audit
Allowed
Audit, Deny, Disabled		 0 Preview
[Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines 842c54e8-c2f9-4d79-ae8d-38d8b8019373 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 Preview
[Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 Preview
[Preview]: Network traffic data collection agent should be installed on Linux virtual machines 04c4380f-3fae-46e8-96c9-30193528f602 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 Preview
[Preview]: Network traffic data collection agent should be installed on Windows virtual machines 2f2ee1de-44aa-4762-b6bd-0893fc3f306d Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 Preview
[Preview]: Storage account public access should be disallowed 4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 Preview
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Accept assessment results 3054c74b-9b45-2581-56cf-053a1a716c39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Accept only FICAM-approved third-party credentials 2d2ca910-7957-23ee-2945-33f401606efc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Accept PIV credentials 55be3260-a7a2-3c06-7fe6-072d07525ab7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Adaptive application controls for defining safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Adaptive network hardening recommendations should be applied on internet facing virtual machines 08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed
modify		 1 Contributor GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed
modify		 1 Contributor GA
Address coding vulnerabilities 318b2bd9-9c39-9f8b-46a7-048401f33476 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Adhere to retention periods defined 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Adjust level of audit review, analysis, and reporting de251b09-4a5e-1204-4bef-62ac58d47999 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Adopt biometric authentication mechanisms 7d7a8356-5c34-9a95-3118-1424cfaf192a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Alert personnel of information spillage 9622aaa9-5c49-40e2-5bf8-660b7cd23deb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Align business objectives and IT goals ab02bb73-4ce1-89dd-3905-d93042809ba0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Allocate resources in determining information system requirements 90a156a6-49ed-18d1-1052-69aac27c05cd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Allowlist rules in your adaptive application control policy should be updated 123a3936-f020-408a-ba0c-47873faf1534 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Analyse data obtained from continuous monitoring 6a379d74-903b-244a-4c44-838728bea6b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
API Management services should use a virtual network ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management Default
Audit
Allowed
Audit, Disabled		 0 GA
App Configuration should use private link ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should have 'Client Certificates (Incoming client certificates)' enabled 5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service Default
Audit
Allowed
Audit, Disabled		 0 GA
App Service apps should have remote debugging turned off cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should have resource logs enabled 91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should not have CORS configured to allow every resource to access your apps 5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA
App Service apps should require FTPS only 4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should use latest 'HTTP Version' 8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should use managed identity 2b9ad585-36bc-4615-b300-fd4435808332 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should use the latest TLS version f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps that use Java should use the latest 'Java version' 496223c3-ad65-4ecd-878a-bae78737e9ed App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps that use PHP should use the latest 'PHP version' 7261b898-8a84-4db8-9e04-18527132abb3 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps that use Python should use the latest 'Python version' 7008174a-fd10-4ef0-817e-fc820a951d73 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service Environment should have internal encryption enabled fb74e86f-d351-4b8d-b034-93da7391c01f App Service Default
Audit
Allowed
Audit, Disabled		 0 GA
Assess information security events 37b0045b-3887-367b-8b4d-b9a6fa911bb9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assess risk in third party relationships 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assess Security Controls c423e64d-995c-9f67-0403-b540f65ba42a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assign account managers 4c6df5ff-4ef2-4f17-a516-0da9189c603b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assign an authorizing official (AO) e29a8f1b-149b-2fa3-969d-ebee1baa9472 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assign information security representative to change control 6abdf7c7-362b-3f35-099e-533ed50988f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assign risk designations b7897ddc-9716-2460-96f7-7757ad038cc4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assign system identifiers f29b17a4-0df2-8a50-058a-8570f9979d28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit privileged functions f26af0b1-65b6-689a-a03f-352ad2d00f98 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Audit usage of custom RBAC roles a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General Default
Audit
Allowed
Audit, Disabled		 0 GA
Audit user account status 49c23d9b-02b0-0e42-4f94-e8cef1b8381b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Audit virtual machines without disaster recovery configured 0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Compute Fixed
auditIfNotExists		 0 GA
Audit Windows machines that allow re-use of the previous 24 passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Windows machines that do not have a maximum password age of 70 days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Windows machines that do not have a minimum password age of 1 day 237b38db-ca4d-4259-9e47-7882441ca2c0 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Windows machines that do not restrict the minimum password length to 14 characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Authenticate to cryptographic module 6f1de470-79f3-1572-866e-db0771352fc8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authentication to Linux machines should require SSH keys 630c64f9-8b6b-4c64-b511-6544ceff6fd6 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Authorize access to security functions and information aeed863a-0f56-429f-945d-8bb66bd06841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize and manage access 50e9324a-7410-0539-0662-2c1e775538b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize remote access dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize remote access to privileged commands 01c387ea-383d-4ca9-295a-977fab516b03 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize, monitor, and control usage of mobile code technologies 291f20d4-8d93-1d73-89f3-6ce28b825563 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize, monitor, and control voip e4e1f896-8a93-1151-43c7-0ad23b081ee2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorized IP ranges should be defined on Kubernetes Services 0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Security Center Default
Audit
Allowed
Audit, Disabled		 0 GA
Auto provisioning of the Log Analytics agent should be enabled on your subscription 475aae12-b88a-4572-8b36-9b712b2b3a17 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Automate account management 2cc9c165-46bd-9762-5739-d2aae5ba90a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate approval request for proposed changes 575ed5e8-4c29-99d0-0e4d-689fb1d29827 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate flaw remediation a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate implementation of approved change notifications c72fc0c8-2df8-7506-30be-6ba1971747e1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate information sharing decisions e54901fe-42c2-7f3b-3c5f-327aa5320a69 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate notification of employee termination 729c8708-2bec-093c-8427-2e87d2cd426d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate process to document implemented changes 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate process to highlight unreviewed change proposals 92b49e92-570f-1765-804a-378e6c592e28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate process to prohibit implementation of unapproved changes 7d10debd-4775-85a7-1a41-7e128e0e8c50 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate proposed documented changes 5c40f27b-6791-18c5-3f85-7b863bd99c11 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate remote maintenance activities b8587fce-138f-86e8-33a3-c60768bf1da6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure API for FHIR should use a customer-managed key to encrypt data at rest 051cba44-2429-45b9-9649-46cec11c7119 API for FHIR Default
Audit
Allowed
audit, Audit, disabled, Disabled		 0 GA
Azure API for FHIR should use private link 1ee56206-5dd1-42ab-b02d-8aae8b1634ce API for FHIR Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure Automation accounts should use customer-managed keys to encrypt data at rest 56a5ee18-2ae6-4810-86f7-18e39ce5629b Automation Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d Backup Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Batch account should use customer-managed keys to encrypt data 99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Batch Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Cache for Redis should use private link 7803067c-7d34-46e3-8c79-0ca68fc4036d Cache Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Cognitive Search service should use a SKU that supports private link a049bf77-880b-470f-ba6d-9f21c530cf83 Search Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Cognitive Search services should disable public network access ee980b6d-0eca-4501-8d54-f6290fd512c3 Search Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Cognitive Search services should use private link 0fda3595-9f2b-4592-8675-4231d6fa82fe Search Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure Container Instance container group should use customer-managed key for encryption 0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Container Instance Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA
Azure Cosmos DB accounts should have firewall rules 862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Cosmos DB Default
Deny
Allowed
Audit, Deny, Disabled		 0 GA
Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest 1f905d99-2ab7-462c-a6b0-f709acca6c8f Cosmos DB Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Azure Data Box jobs should enable double encryption for data at rest on the device c349d81b-9985-44ae-a8da-ff98d108ede8 Data Box Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password 86efb160-8de7-451d-bc08-5d475b0aadae Data Box Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Data Explorer encryption at rest should use a customer-managed key 81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure data factories should be encrypted with a customer-managed key 4ec52d6d-beb7-40c4-9a9e-fe753254690e Data Factory Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Data Factory should use private link 8b0323be-cc25-4b61-935d-002c3798c6ea Data Factory Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure DDoS Protection Standard should be enabled a7aca53f-2ed4-4466-a25e-0b45ade68efd Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for App Service should be enabled 2913021d-f2fd-4f3d-b958-22354e2bdbcb Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for Azure SQL Database servers should be enabled 7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for DNS should be enabled bdc59948-5574-49b3-bb91-76b7c986428d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for Key Vault should be enabled 0e6763cc-5078-4e64-889d-ff4d9a839047 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for Resource Manager should be enabled c3d20c29-b36d-48fe-808b-99a87530ad99 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for servers should be enabled 4da35fc9-c9e7-4960-aec9-797fe7d9051d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for SQL servers on machines should be enabled 6581d072-105e-4418-827f-bd446d56421b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for SQL should be enabled for unprotected Azure SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for SQL should be enabled for unprotected SQL Managed Instances abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Defender for Storage should be enabled 308fbb08-4ab8-4e67-9b29-592e93fb94fa Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure Event Grid domains should use private link 9830b652-8523-49cc-b1b3-e17dce1127ca Event Grid Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure Event Grid topics should use private link 4b90e17e-8448-49db-875e-bd83fb6f804f Event Grid Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure File Sync should use private link 1d320205-c6a1-4ac6-873d-46224024e8e2 Storage Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure HDInsight clusters should use customer-managed keys to encrypt data at rest 64d314f6-6062-4780-a861-c23e8951bee5 HDInsight Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure HDInsight clusters should use encryption at host to encrypt data at rest 1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 HDInsight Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes d9da03a1-f3c3-412a-9709-947156872263 HDInsight Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Key Vault should have firewall enabled 55615ac9-af46-4a59-874e-391cc3dfb490 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Key Vaults should use private link a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Machine Learning workspaces should be encrypted with a customer-managed key ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Machine Learning Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) ea0dfaed-95fb-448c-934e-d6e713ce393d Monitoring Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Azure Monitor Logs clusters should be encrypted with customer-managed key 1f68a601-6e6d-4e42-babf-3f643a047ea2 Monitoring Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters 0a15ec92-a229-4763-bb14-0ea34a568f8d Kubernetes Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure Service Bus namespaces should use private link 1c06e275-d63d-4540-b761-71f364c2111d Service Bus Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Azure SignalR Service should use private link 2393d2cf-a342-44cd-a2e2-fe0188fd1234 SignalR Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure Spring Cloud should use network injection af35e2a4-ef96-44e7-a9ae-853dd97032c4 App Platform Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA
Azure Stack Edge devices should use double-encryption b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Azure Stream Analytics jobs should use customer-managed keys to encrypt data 87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Stream Analytics Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Azure Synapse workspaces should use customer-managed keys to encrypt data at rest f7d52b2d-e161-4dfa-a82b-55e564167385 Synapse Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Synapse workspaces should use private link 72d11df1-dd8a-41f7-8925-b05b960ebafc Synapse Default
Audit
Allowed
Audit, Disabled		 0 GA
Azure Web Application Firewall should be enabled for Azure Front Door entry-points 055aa869-bc98-4af8-bafc-23f1ab6ffe2c Network Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Azure Web PubSub Service should use private link eb907f70-7514-460d-92b3-a5ae93b4f917 Web PubSub Default
Audit
Allowed
Audit, Disabled		 0 GA
Bind authenticators and identities dynamically 6f311b49-9b0d-8c67-3d6e-db80ae528173 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Block untrusted and unsigned processes that run from USB 3d399cf3-8fc6-0efc-6ab0-1412f1198517 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Bot Service should be encrypted with a customer-managed key 51522a96-0869-4791-82f3-981000c2c67f Bot Service Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Kubernetes Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Categorize information 93fa357f-2e38-22a9-5138-8cc5124e1923 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Check for privacy and security compliance before establishing internal connections ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Clear personnel with access to classified information c42f19c9-5d88-92da-0742-371a0ea03126 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Cognitive Services accounts should disable public network access 0725b4dd-7e76-479c-a735-68e7ee23d5ca Cognitive Services Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Cognitive Services accounts should enable data encryption with a customer-managed key 67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Cognitive Services accounts should have local authentication methods disabled 71ef260a-8f18-47b7-abcb-62d0673d94dc Cognitive Services Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Cognitive Services accounts should restrict network access 037eea7a-bd0a-46c5-9a66-03aea78705d3 Cognitive Services Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Cognitive Services should use private link cddd188c-4b82-4c48-a19d-ddf74ee66a01 Cognitive Services Default
Audit
Allowed
Audit, Disabled		 0 GA
Communicate contingency plan changes a1334a65-2622-28ee-5067-9d7f5b915cc5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Compile Audit records into system wide audit 214ea241-010d-8926-44cc-b90a96d52adc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct a full text analysis of logged privileged commands 8eea8c14-4d93-63a3-0c82-000343ee5204 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct a security impact analysis 203101f5-99a3-1491-1b56-acccd9b66a9e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct backup of information system documentation b269a749-705e-8bff-055a-147744675cdf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct capacity planning 33602e78-35e3-4f06-17fb-13dd887448e4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct exit interview upon termination 496b407d-9b9e-81e8-4ba4-44bc686b016a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct incident response testing 3545c827-26ee-282d-4629-23952a12008b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct Risk Assessment 677e1da4-00c3-287a-563d-f4a1cf9b99a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct risk assessment and distribute its results d7c1ecc3-2980-a079-1569-91aec8ac4a77 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct risk assessment and document its results 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Configure actions for noncompliant devices b53aa659-513e-032c-52e6-1ce0ba46582f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Configure Azure Audit capabilities a3e98638-51d4-4e28-910a-60e98c1a756f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Configure detection whitelist 2927e340-60e4-43ad-6b5f-7a1468232cc2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Configure workstations to check for digital certificates 26daf649-22d1-97e9-2a8a-01b182194d59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conform to FICAM-issued profiles a8df9c78-4044-98be-2c05-31a315ac8957 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Container registries should be encrypted with a customer-managed key 5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Container registries should not allow unrestricted network access d0793b48-0edc-4296-a390-4c75d1bdfd71 Container Registry Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Container registries should use private link e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container Registry Default
Audit
Allowed
Audit, Disabled		 0 GA
Container registry images should have vulnerability findings resolved 5f0f936f-2f01-4bf5-b6be-d423792fa562 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Control information flow 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Control maintenance and repair activities b6ad009f-5c24-1dc0-a25e-74b60e4da45f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Control physical access 55a7f9a0-6397-7589-05ef-5ed59a8149e7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Control use of portable storage devices 36b74844-4a99-4c80-1800-b18a516d1585 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Coordinate contingency plans with related plans c5784049-959f-6067-420c-f4cefae93076 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Coordinate with external organizations to achieve cross org perspective d4e6a629-28eb-79a9-000b-88030e4823ca Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Correlate audit records 10874318-0bf7-a41f-8463-03e395482080 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Correlate Vulnerability scan information e3905a3c-97e7-0b4f-15fb-465c0927536f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
CosmosDB accounts should use private link 58440f8a-10c5-4151-bdce-dfbaad4a20b7 Cosmos DB Default
Audit
Allowed
Audit, Disabled		 0 GA
Create a data inventory 043c1e56-5a16-52f8-6af8-583098ff3e60 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Create alternative actions for identified anomalies cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Create configuration plan protection 874a6f2e-2098-53bc-3a16-20dcdc425a7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Create separate alternate and primary storage sites 81b6267b-97a7-9aa5-51ee-d2584a160424 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define a physical key management process 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define acceptable and unacceptable mobile code technologies 1afada58-8b34-7ac2-a38a-983218635201 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define access authorizations to support separation of duties 341bc9f1-7489-07d9-4ec6-971573e1546a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define and document government oversight cbfa1bd0-714d-8d6f-0480-2ad6a53972df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define and enforce conditions for shared and group accounts f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define and enforce inactivity log policy 2af4640d-11a6-a64b-5ceb-a468f4341c0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define and enforce the limit of concurrent sessions d8350d4c-9314-400b-288f-20ddfce04fbd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define cryptographic use c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define information security roles and responsibilities ef5a7059-6651-73b1-18b3-75b1b79c1565 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define information system account types 623b5f0a-8cbd-03a6-4892-201d27302f0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define mobile device requirements 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define organizational requirements for cryptographic key management d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define requirements for managing assets 25a1f840-65d0-900a-43e4-bee253de04de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define requirements for supplying goods and services 2b2f3a72-9e68-3993-2b69-13dcdecf8958 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Deliver security assessment results 8e49107c-3338-40d1-02aa-d524178a2afe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed
deployIfNotExists		 1 Contributor GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed
deployIfNotExists		 1 Contributor GA
Deprecated accounts should be removed from your subscription 6b1cbf55-e8b6-442f-ba4c-7246b6381474 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Deprecated accounts with owner permissions should be removed from your subscription ebb62a0c-3560-49e1-89ed-27e074e9f8ad Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Design an access control model 03b6427e-6072-4226-4bd9-a410ab65317e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Designate authorized personnel to post publicly accessible information b4512986-80f5-1656-0c58-08866bd2673a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Designate personnel to supervise unauthorized maintenance activities 7a489c62-242c-5db9-74df-c073056d6fa3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Detect network services that have not been authorized or approved 86ecd378-a3a0-5d5b-207c-05e6aaca43fc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Determine assertion requirements 7a0ecd94-3699-5273-76a5-edb8499f655a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Determine auditable events 2f67e567-03db-9d1f-67dc-b6ffb91312f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Determine supplier contract obligations 67ada943-8539-083d-35d0-7af648974125 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop a concept of operations (CONOPS) e7422f08-65b4-50e4-3779-d793156e0079 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop acceptable use policies and procedures 42116f15-5665-a52a-87bb-b40e64c74b6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop access control policies and procedures 59f7feff-02aa-6539-2cf7-bea75b762140 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop an incident response plan 2b4e134f-1e4c-2bff-573e-082d85479b6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and document a business continuity and disaster recovery plan bd6cbcba-4a2d-507c-53e3-296b5c238a8e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and document a DDoS response plan b7306e73-0494-83a2-31f5-280e934a8f70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and document application security requirements 6de65dc4-8b4f-34b7-9290-eb137a2e2929 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and establish a system security plan b2ea1058-8998-3dd1-84f1-82132ad482fd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and maintain a vulnerability management standard 055da733-55c6-9e10-8194-c40731057ec4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and maintain baseline configurations 2f20840e-7925-221c-725d-757442753e7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop audit and accountability policies and procedures a28323fe-276d-3787-32d2-cef6395764c4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop business classification schemes 11ba0508-58a8-44de-5f3a-9e05d80571da Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop configuration item identification plan 836f8406-3b8a-11bb-12cb-6c7fa0765668 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop configuration management plan 04837a26-2601-1982-3da7-bf463e6408f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop contingency plan aa305b4d-8c84-1754-0c74-dec004e66be0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop contingency planning policies and procedures 75b42dcf-7840-1271-260b-852273d7906e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop information security policies and procedures af227964-5b8b-22a2-9364-06d2cb9d6d7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop organization code of conduct policy d02498e0-8a6f-6b02-8332-19adf6711d1e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop POA&M 477bd136-7dd9-55f8-48ac-bae096b86a07 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop security assessment plan 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop security safeguards 423f6d9c-0c73-9cc6-64f4-b52242490368 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop spillage response procedures bb048641-6017-7272-7772-a008f285a520 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop SSP that meets criteria 6b957f60-54cd-5752-44d5-ff5a64366c93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Disable authenticators upon termination d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Disable user accounts posing a significant risk 22c16ae4-19d0-29cb-422f-cb44061180ee Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Discover any indicators of compromise 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Disk access resources should use private link f39f5f49-4abf-44de-8c70-0756997bfb51 Compute Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Disk encryption should be enabled on Azure Data Explorer f4b53539-8df9-40e4-86c6-6b607703bd4e Azure Data Explorer Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Display an explicit logout message 0471c6b7-1588-701c-2713-1fade73b75f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Disseminate security alerts to personnel 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Distribute authenticators 098dcde7-016a-06c3-0985-0daaf3301d3a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Distribute information system documentation 84a01872-5318-049e-061e-d56734183e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Distribute policies and procedures eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document access privileges a08b18c7-9e0a-89f1-3696-d80902196719 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document acquisition contract acceptance criteria 0803eaa7-671c-08a7-52fd-ac419f775e75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document and implement wireless access guidelines 04b3e7f6-4841-888d-4799-cda19a0084f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document customer-defined actions 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document mobility training 83dfb2b8-678b-20a0-4c44-5c75ada023e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document organizational access agreements c981fa70-2e58-8141-1457-e7f62ebc2ade Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document personnel acceptance of privacy requirements 271a3e58-1b38-933d-74c9-a580006b80aa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document protection of personal data in acquisition contracts f9ec3263-9562-1768-65a1-729793635a8d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document protection of security information in acquisition contracts d78f95ba-870a-a500-6104-8a5ce2534f19 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document remote access guidelines 3d492600-27ba-62cc-a1c3-66eb919f6a0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document requirements for the use of shared data in contracts 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security and privacy training activities 524e7136-9f6a-75ba-9089-501018151346 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security assurance requirements in acquisition contracts 13efd2d7-3980-a2a4-39d0-527180c009e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security documentation requirements in acquisition contract a465e8e9-0095-85cb-a05f-1dd4960d02af Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security functional requirements in acquisition contracts 57927290-8000-59bf-3776-90c468ac5b4b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security operations 2c6bee3a-2180-2430-440d-db3c7a849870 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security strength requirements in acquisition contracts ebb0ba89-6d8c-84a7-252b-7393881e43de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document separation of duties e6f7b584-877a-0d69-77d4-ab8b923a9650 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document the information system environment in acquisition contracts c148208b-1a6f-a4ac-7abc-23b1d41121b1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document the protection of cardholder data in third party contracts 77acc53d-0f67-6e06-7d04-5750653d4629 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document third-party personnel security requirements b320aa42-33b4-53af-87ce-100091d48918 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document wireless access security controls 8f835d6a-4d13-9a9c-37dc-176cebd37fda Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Double encryption should be enabled on Azure Data Explorer ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Azure Data Explorer Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Email notification for high severity alerts should be enabled 6e2593d9-add6-4083-9c9b-4b7d2188c899 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Email notification to subscription owner for high severity alerts should be enabled 0b15565f-aa9e-48ba-8619-45960f2c314d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Employ a media sanitization mechanism eaaae23f-92c9-4460-51cf-913feaea4d52 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ automated training environment c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ automatic emergency lighting aa892c0d-2c40-200c-0dd8-eac8c4748ede Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ automatic shutdown/restart when violations are detected 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ boundary protection to isolate information systems 311802f9-098d-0659-245a-94c5d47c0182 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ FICAM-approved resources to accept third-party credentials db8b35d6-8adb-3f51-44ff-c648ab5b1530 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ FIPS 201-approved technology for PIV 8b333332-6efd-7c0d-5a9f-d1eb95105214 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ flow control mechanisms of encrypted information 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ independent assessors for continuous monitoring 3baee3fd-30f5-882c-018c-cc78703a0106 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ independent assessors to conduct security control assessments b65c5d8e-9043-9612-2c17-65f231d763bb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ independent team for penetration testing 611ebc63-8600-50b6-a0e3-fef272457132 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ least privilege access 1bc7fd64-291f-028e-4ed6-6e07886e163f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ restrictions on external system interconnections 80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enable detection of network devices 426c172c-9914-10d1-25dd-669641fc1af4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enable dual or joint authorization 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enable network protection 8c255136-994b-9616-79f5-ae87810e0dcf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Enforce a limit of consecutive failed login attempts b4409bff-2287-8407-05fd-c73175a68302 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce and audit access restrictions 8cd815bf-97e1-5144-0735-11f6ddb50a59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce appropriate usage of all accounts fd81a1b3-2d7a-107c-507e-29b87d040c19 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce expiration of cached authenticators c7e8ddc1-14aa-1814-7fe1-aad1742b27da Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce logical access 10c4210b-3ec9-9603-050d-77e4d26c7ebb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce mandatory and discretionary access control policies b1666a13-8f67-9c47-155e-69e027ff6823 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce random unique session identifiers c7d57a6a-7cc2-66c0-299f-83bf90558f5d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce rules of behavior and access agreements 509552f5-6528-3540-7959-fbeae4832533 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce security configuration settings 058e9719-1ff9-3653-4230-23f76b6492e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce software execution privileges 68d2e478-3b19-23eb-1357-31b296547457 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce SSL connection should be enabled for MySQL database servers e802a67a-daf5-4436-9ea6-f6d821dd0c5d SQL Default
Audit
Allowed
Audit, Disabled		 0 GA
Enforce SSL connection should be enabled for PostgreSQL database servers d158790f-bfb0-486c-8631-2dc6b4e8e6af SQL Default
Audit
Allowed
Audit, Disabled		 0 GA
Enforce user uniqueness e336d5f4-4d8f-0059-759c-ae10f63d1747 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure access agreements are signed or resigned timely e7589f4e-1e8b-72c2-3692-1e14d7f3699f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure alternate storage site safeguards are equivalent to primary site 178c8b7e-1b6e-4289-44dd-2f1526b678a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure audit records are not altered 27ce30dd-3d56-8b54-6144-e26d9a37a541 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure authorized users protect provided authenticators 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure cryptographic mechanisms are under configuration management b8dad106-6444-5f55-307e-1e1cc9723e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure external providers consistently meet interests of the customers 3eabed6d-1912-2d3c-858b-f438d08d0412 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure information system fails in known state 12af7c7a-92af-9e96-0d0c-5e732d1a3751 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure resources are authorized 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure security categorization is approved 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure security safeguards not needed when the individuals return 1fdf0b24-4043-3c55-357e-036985d50b52 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure system capable of dynamic isolation of resources 83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure there are no unencrypted static authenticators eda0cbb7-6043-05bf-645b-67411f1a59b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Eradicate contaminated information 54a9c072-4a93-2a03-6a43-a060d30383d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a configuration control board 7380631c-5bf5-0e3a-4509-0873becd8a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a data leakage management procedure 3c9aa856-6b86-35dc-83f4-bc72cec74dea Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a discrete line item in budgeting documentation 06af77de-02ca-0f3e-838a-a9420fe466f5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a password policy d8bbd80e-3bb1-5983-06c2-428526ec6a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a privacy program 39eb03c1-97cc-11ab-0960-6209ed2869f7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a risk management strategy d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a secure software development program e750ca06-1824-464a-2cf3-d0fa754d1cb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a threat intelligence program b0e3035d-6366-2e37-796e-8bcab9c649e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish alternate storage site that facilitates recovery operations 245fe58b-96f8-9f1e-48c5-7f49903f66fd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish alternate storage site to store and retrieve backup information 0a412110-3874-9f22-187a-c7a81c8a6704 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish an alternate processing site af5ff768-a34b-720e-1224-e6b3214f3ba6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish an information security program 84245967-7882-54f6-2d34-85059f725b47 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish and document a configuration management plan 526ed90e-890f-69e7-0386-ba5c0f1f784f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish and document change control processes bd4dc286-2f30-5b95-777c-681f3a7913d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish and maintain an asset inventory 27965e62-141f-8cca-426f-d09514ee5216 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish authenticator types and processes 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish backup policies and procedures 4f23967c-a74b-9a09-9dc2-f566f61a87b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish benchmarks for flaw remediation dd2523d5-2db3-642b-a1cf-83ac973b32c2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish conditions for role membership 97cfd944-6f0c-7db2-3796-8e890ef70819 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish configuration management requirements for developers 8747b573-8294-86a0-8914-49e9b06a5ace Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish electronic signature and certificate requirements 6f3866e8-6e12-69cf-788c-809d426094a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish firewall and router configuration standards 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish network segmentation for card holder data environment f476f3b0-4152-526e-a209-44e5f8c968d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish parameters for searching secret authenticators and verifiers 0065241c-72e9-3b2c-556f-75de66332a94 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish policies for supply chain risk management 9150259b-617b-596d-3bf5-5ca3fce20335 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish procedures for initial authenticator distribution 35963d41-4263-0ef9-98d5-70eb058f9e3c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish relationship between incident response capability and external providers b470a37a-7a47-3792-34dd-7a793140702e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish requirements for audit review and reporting b3c8cc83-20d3-3890-8bc8-5568777670f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish requirements for internet service providers 5f2e834d-7e40-a4d5-a216-e49b16955ccf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish security requirements for the manufacturing of connected devices afbecd30-37ee-a27b-8e09-6ac49951a0ee Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish terms and conditions for accessing resources 3c93dba1-84fd-57de-33c7-ef0400a08134 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish terms and conditions for processing resources 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish third-party personnel security requirements 3881168c-5d38-6f04-61cc-b5d87b2c4c58 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish usage restrictions for mobile code technologies ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish voip usage restrictions 68a39c2b-0f17-69ee-37a3-aa10f9853a08 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Evaluate alternate processing site capabilities 60442979-6333-85f0-84c5-b887bac67448 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Event Hub namespaces should use a customer-managed key for encryption a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub Default
Audit
Allowed
Audit, Disabled		 0 GA
Event Hub namespaces should use private link b8564268-eb4a-4337-89be-a19db070c59d Event Hub Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Execute actions in response to information spills ba78efc6-795c-64f4-7a02-91effbd34af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Explicitly notify use of collaborative computing devices 62fa14f0-4cbe-762d-5469-0899a99b98aa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
External accounts with read permissions should be removed from your subscription 5f76cf89-fbf2-47fd-a3f4-b891fa780b60 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
External accounts with write permissions should be removed from your subscription 5c607a2e-c700-4744-8254-d77e7c9eb5e4 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Facilitate information sharing a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Function apps should have 'Client Certificates (Incoming client certificates)' enabled eaebaea7-8013-4ceb-9d14-7eb32271373c App Service Default
Audit
Allowed
Audit, Disabled		 0 GA
Function apps should have remote debugging turned off 0e60b895-3786-45da-8377-9c6b4b6ac5f9 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Function apps should not have CORS configured to allow every resource to access your apps 0820b7b9-23aa-4725-a1ce-ae4558f718e5 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Function apps should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab App Service Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA
Function apps should require FTPS only 399b2637-a50f-4f95-96f8-3a145476eb15 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Function apps should use latest 'HTTP Version' e2c1c086-2d84-4019-bff3-c44ccd95113c App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Function apps should use managed identity 0da106f2-4ca3-48e8-bc85-c638fe6aea8f App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Function apps should use the latest TLS version f9d614c5-c173-4d56-95a7-b4437057d193 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Function apps that use Java should use the latest 'Java version' 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Function apps that use Python should use the latest 'Python version' 7238174a-fd10-4ef0-817e-fc820a951d73 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Generate error messages c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Generate internal security alerts 171e377b-5224-4a97-1eaa-62a3b5231dac Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Geo-redundant backup should be enabled for Azure Database for MariaDB 0ec47710-77ff-4a3d-9181-6aa50af424d0 SQL Default
Audit
Allowed
Audit, Disabled		 0 GA
Geo-redundant backup should be enabled for Azure Database for MySQL 82339799-d096-41ae-8538-b108becf0970 SQL Default
Audit
Allowed
Audit, Disabled		 0 GA
Geo-redundant backup should be enabled for Azure Database for PostgreSQL 48af4db5-9b8b-401c-8e74-076be876a430 SQL Default
Audit
Allowed
Audit, Disabled		 0 GA
Geo-redundant storage should be enabled for Storage Accounts bf045164-79ba-4215-8f95-f8048dc1780b Storage Default
Audit
Allowed
Audit, Disabled		 0 GA
Govern and monitor audit processing activities 333b4ada-4a02-0648-3d4d-d812974f1bb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Govern compliance of cloud service providers 5c33538e-02f8-0a7f-998b-a4c1e22076d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Govern policies and procedures 1a2a03a4-9992-5788-5953-d8f6615306de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Govern the allocation of resources 33d34fac-56a8-1c0f-0636-3ed94892a709 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Guest Configuration extension should be installed on your machines ae89ebca-1c92-4898-ac2c-9f63decb045c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
HPC Cache accounts should use customer-managed key for encryption 970f84d8-71b6-4091-9979-ace7e3fb6dbb Storage Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA
Identify actions allowed without authentication 92a7591f-73b3-1173-a09c-a08882d84c70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify and authenticate network devices ae5345d5-8dab-086a-7290-db43a3272198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify and authenticate non-organizational users e1379836-3492-6395-451d-2f5062e14136 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify and manage downstream information exchanges c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify and mitigate potential issues at alternate storage site 13939f8c-4cd5-a6db-9af4-9dfec35e3722 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify classes of Incidents and Actions taken 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify contaminated systems and components 279052a0-8238-694d-9661-bf649f951747 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify external service providers 46ab2c5e-6654-1f58-8c83-e97a44f39308 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify incident response personnel 037c0089-6606-2dab-49ad-437005b5035f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify individuals with security roles and responsibilities 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify spilled information 69d90ee6-9f9f-262a-2038-d909fb4e5723 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify status of individual users ca748dfe-3e28-1d18-4221-89aea30aa0a5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement a fault tolerant name/address service ced727b3-005e-3c5b-5cd5-230b79d56ee8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement a penetration testing methodology c2eabc28-1e5c-78a2-a712-7cc176c44c07 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement an automated configuration management tool 33832848-42ab-63f3-1a55-c0ad309d44cd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement controls to secure all media e435f7e3-0dd9-58c9-451f-9b44b96c0232 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement controls to secure alternate work sites cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement cryptographic mechanisms 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement formal sanctions process 5decc032-95bd-2163-9549-a41aba83228e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement incident handling 433de59e-7a53-a766-02c2-f80f8421469a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement Incident handling capability 98e33927-8d7f-6d5f-44f5-2469b40b7215 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement managed interface for each external service b262e1dd-08e9-41d4-963a-258909ad794b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement parameters for memorized secret verifiers 3b30aa25-0f19-6c04-5ca4-bd3f880a763d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement personnel screening e0c480bf-0d68-a42d-4cbb-b60f851f8716 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement physical security for offices, working areas, and secure areas 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement privileged access for executing vulnerability scanning activities 5b802722-71dd-a13d-2e7e-231e09589efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement security directives 26d178a4-9261-6f04-a100-47ed85314c6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement security engineering principles of information systems df2e9507-169b-4114-3a52-877561ee3198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement system boundary protection 01ae60e2-38bb-0a32-7b20-d3a091423409 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement training for protecting authenticators e4b00788-7e1c-33ec-0418-d048508e095b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement transaction based recovery ba02d0a0-566a-25dc-73f1-101c726a19c5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Include dynamic reconfig of customer deployed resources 1e0d5ba8-a433-01aa-829c-86b06c9631ec Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Incorporate flaw remediation into configuration management 34aac8b2-488a-2b96-7280-5b9b481a317a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Incorporate simulated contingency training 9c954fcf-6dd8-81f1-41b5-832ae5c62caf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Incorporate simulated events into incident response training 1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Information flow control using security policy filters 13ef3484-3a51-785a-9c96-500f21f84edd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Infrastructure encryption should be enabled for Azure Database for MySQL servers 3a58212a-c829-4f13-9872-6371df2fd0b4 SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers 24fba194-95d6-48c0-aea7-f65bf859c598 SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Initiate contingency plan testing corrective actions 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Initiate transfer or reassignment actions b8a9bb2f-7290-3259-85ce-dca7d521302d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Install an alarm system aa0ddd99-43eb-302d-3f8f-42b499182960 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Integrate Audit record analysis 85335602-93f5-7730-830b-d43426fd51fa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Integrate audit review, analysis, and reporting f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Integrate cloud app security with a siem 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Integrate risk management process into SDLC 00f12b6f-10d7-8117-9577-0f2b76488385 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Invalidate session identifiers at logout 396f465d-375e-57de-58ba-021adb008191 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
IoT Hub device provisioning service instances should use private link df39c015-56a4-45de-b4a3-efe77bed320d Internet of Things Default
Audit
Allowed
Audit, Disabled		 0 GA
IP Forwarding on your virtual machine should be disabled bd352bd5-2853-4985-bf0d-73806b4a5744 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Isolate information spills 22457e81-3ec6-5271-a786-c3ca284601dd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Isolate SecurID systems, Security Incident Management systems dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Issue public key certificates 97d91b33-7050-237b-3e23-a77d57d84e13 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Key Vault keys should have an expiration date 152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Key Vault secrets should have an expiration date 98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Key vaults should have purge protection enabled 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Key vaults should have soft delete enabled 1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key Vault Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster containers should not share host process ID or host IPC namespace 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster containers should only use allowed AppArmor profiles 511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster containers should only use allowed capabilities c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster containers should only use allowed images febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster containers should run with a read only root file system df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster pod hostPath volumes should only use allowed host paths 098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster pods and containers should only run with approved user and group IDs f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster pods should only use approved host network and port range 82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster services should listen only on allowed ports 233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes cluster should not allow privileged containers 95edb821-ddaf-4404-9732-666045e056b4 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes clusters should be accessible only over HTTPS 1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes clusters should not allow container privilege escalation 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version fb893a29-21bb-418c-a157-e99480ec364c Security Center Default
Audit
Allowed
Audit, Disabled		 0 GA
Limit privileges to make changes in production environment 2af551d5-1775-326a-0589-590bfb7e9eb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Linux machines should meet requirements for the Azure compute security baseline fc9b3da7-8347-4380-8e70-0a0361d8dedd Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring a4fe33eb-e377-4efb-ab31-0784311bc499 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring a3a6ea0c-e018-4933-9ef0-5aaa1501449b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Logic Apps Integration Service Environment should be encrypted with customer-managed keys 1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Long-term geo-redundant backup should be enabled for Azure SQL Databases d38fc420-0735-4ef3-ac11-c806f651a570 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Maintain availability of information 3ad7f0bc-3d03-0585-4d24-529779bb02c2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain data breach records 0fd1ca29-677b-2f12-1879-639716459160 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain incident response plan 37546841-8ea1-5be0-214d-8ac599588332 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain integrity of audit system c0559109-6a27-a217-6821-5a6d44f92897 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain list of authorized remote maintenance personnel 4ce91e4e-6dab-3c46-011a-aa14ae1561bf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain records of processing of personal data 92ede480-154e-0e22-4dca-8b46a74a3a51 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain separate execution domains for running processes bfc540fe-376c-2eef-4355-121312fa4437 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage a secure surveillance camera system f2222056-062d-1060-6dc2-0107a68c34b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage authenticator lifetime and reuse 29363ae1-68cd-01ca-799d-92c9197c8404 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage Authenticators 4aacaec9-0628-272c-3e83-0d68446694e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage availability and capacity edcc36f1-511b-81e0-7125-abee29752fe7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage gateways 63f63e71-6c3f-9add-4c43-64de23e554a7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage maintenance personnel b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage nonlocal maintenance and diagnostic activities 1fb1cb0e-1936-6f32-42fd-89970b535855 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage symmetric cryptographic keys 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage system and admin accounts 34d38ea7-6754-1838-7031-d7fd07099821 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage the input, output, processing, and storage of data e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage the transportation of assets 4ac81669-00e2-9790-8648-71bc11bc91eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage transfers between standby and active system components df54d34f-65f3-39f1-103c-a0464b8615df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Managed disks should be double encrypted with both platform-managed and customer-managed keys ca91455f-eace-4f96-be59-e6e2c35b4816 Compute Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Map authenticated identities to individuals 4012c2b7-4e0e-a7ab-1688-4aab43f14420 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Measure the time between flaw identification and flaw remediation dad1887d-161b-7b61-2e4d-5124a7b5724e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
MFA should be enabled for accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Microsoft Defender for Containers should be enabled 1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Modify access authorizations upon personnel transfer 979ed3b6-83f9-26bc-4b86-5b05464700bf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor access across the organization 48c816c5-2190-61fc-8806-25d6f3df162f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor account activity 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Monitor privileged role assignment ed87d27a-9abf-7c71-714c-61d881889da4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor security and privacy training completion 82bd024a-5c99-05d6-96ff-01f539676a1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor third-party provider compliance f8ded0c6-a668-9371-6bb6-661d58787198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
MySQL servers should use customer-managed keys to encrypt data at rest 83cef61d-dbd1-4b20-a4fc-5fbc7da10833 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Non-internet-facing virtual machines should be protected with network security groups bb91dfba-c30d-4263-9add-9c2384e659a6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Not allow for information systems to accompany with individuals 41172402-8d73-64c7-0921-909083c086b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify Account Managers of customer controlled accounts 4b8fd5da-609b-33bf-9724-1c946285a14c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify personnel of any failed security verification tests 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify personnel upon sanctions 6228396e-2ace-7ca5-3247-45767dbf52f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify upon termination or transfer c79d378a-2521-822a-0407-57454f8d2c74 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify users of system logon or access fe2dff43-0a8c-95df-0432-cb1c794b17d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify when account is not needed 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obscure feedback information during authentication process 1ff03f2a-974b-3272-34f2-f6cd51420b30 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Observe and report security weaknesses ff136354-1c92-76dc-2dab-80fb7c6a9f1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain Admin documentation 3f1216b0-30ee-1ac9-3899-63eb744e85f5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain approvals for acquisitions and outsourcing 92b94485-1c49-3350-9ada-dffe94f08e87 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain continuous monitoring plan for security controls ca6d7878-3189-1833-4620-6c7254ed1607 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain design and implementation information for the security controls 22a02c9a-49e4-5dc9-0d14-eb35ad717154 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain functional properties of security controls 44b71aa8-099d-8b97-1557-0e853ec38e0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain legal opinion for monitoring system activities d9af7f88-686a-5a8b-704b-eafdab278977 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain user security function documentation be1c34ab-295a-07a6-785c-36f63c1d223e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
OS and data disks should be encrypted with a customer-managed key 702dd420-7fcc-42c5-afe8-4026edd20fe0 Compute Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Perform a business impact assessment and application criticality assessment cb8841d4-9d13-7292-1d06-ba4d68384681 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform a privacy impact assessment d18af1ac-0086-4762-6dc8-87cdded90e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform a risk assessment 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform a trend analysis on threats 50e81644-923d-33fc-6ebb-9733bc8d1a06 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform all non-local maintenance 5bac5fb7-7735-357b-767d-02264bfe5c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform audit for configuration change control 1282809c-9001-176b-4a81-260a085f4872 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform information input validation 8b1f29eb-1b22-4217-5337-9207cb55231e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform security function verification at a defined frequency f30edfad-4e1d-1eef-27ee-9292d6d89842 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform threat modeling bf883b14-9c19-0f37-8825-5e39a8b66d5b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform vulnerability scans 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Plan for continuance of essential business functions d9edcea6-6cb8-0266-a48c-2061fbac4310 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Plan for resumption of essential business functions 7ded6497-815d-6506-242b-e043e0273928 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
PostgreSQL servers should use customer-managed keys to encrypt data at rest 18adea5e-f416-4d0f-8aa8-d24321e3e274 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Prepare alternate processing site for use as operational site 0f31d98d-5ce2-705b-4aa5-b4f6705110dd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Prevent identifier reuse for the defined time period 4781e5fd-76b8-7d34-6df3-a0a7fca47665 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Prevent split tunneling for remote devices 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Private endpoint connections on Azure SQL Database should be enabled 7698e800-9299-47a6-b3b6-5a0fee576eed SQL Default
Audit
Allowed
Audit, Disabled		 0 GA
Private endpoint should be enabled for MariaDB servers 0a1302fb-a631-4106-9753-f3d494733990 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Private endpoint should be enabled for MySQL servers 7595c971-233d-4bcf-bd18-596129188c49 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Private endpoint should be enabled for PostgreSQL servers 0564d078-92f5-4f97-8398-b9f58a51f70b SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Produce complete records of remote maintenance activities 74041cfe-3f87-1d17-79ec-34ca5f895542 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Produce Security Assessment report 70a7a065-a060-85f8-7863-eb7850ed2af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Produce, control and distribute asymmetric cryptographic keys de077e7e-0cc8-65a6-6e08-9ab46c827b05 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Produce, control and distribute symmetric cryptographic keys 16c54e01-9e65-7524-7c33-beda48a75779 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Prohibit binary/machine-executable code 8e920169-739d-40b5-3f99-c4d855327bb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Prohibit remote activation of collaborative computing devices 678ca228-042d-6d8e-a598-c58d5670437d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Prohibit unfair practices 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect administrator and user documentation 09960521-759e-5d12-086f-4192a72a5e92 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect against and prevent data theft from departing employees 80a97208-264e-79da-0cc7-4fca179a0c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect audit information 0e696f5a-451f-5c15-5532-044136538491 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect data in transit using encryption b11697e8-9515-16f1-7a35-477d5c8a1344 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect incident response plan 2401b496-7f23-79b2-9f80-89bb5abf3d4a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect passwords with encryption b2d3e5a2-97ab-5497-565a-71172a729d93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect special information a315c657-4a00-8eba-15ac-44692ad24423 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect wireless access d42a8f69-a193-6cbc-48b9-04a9e29961f1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide audit review, analysis, and reporting capability 44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide capability to disconnect or disable remote access 4edaca8c-0912-1ac5-9eaa-6a1057740fae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide capability to process customer-controlled audit records 21633c09-804e-7fcd-78e3-635c6bfe2be7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide contingency training de936662-13dc-204c-75ec-1af80f994088 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide information spillage training 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide monitoring information as needed 7fc1f0da-0050-19bb-3d75-81ae15940df6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide periodic role-based security training 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide periodic security awareness training 516be556-1353-080d-2c2f-f46f000d5785 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide privacy training 518eafdd-08e5-37a9-795b-15a8d798056d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide real-time alerts for audit event failures 0f4fa857-079d-9d3d-5c49-21f616189e03 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide role-based practical exercises d041726f-00e0-41ca-368c-b1a122066482 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide role-based security training 4c385143-09fd-3a34-790c-a5fd9ec77ddc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide role-based training on suspicious activities f6794ab8-9a7d-3b24-76ab-265d3646232b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide secure name and address resolution services bbb2e6d6-085f-5a35-a55d-e45daad38933 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide security awareness training for insider threats 9b8b05ec-3d21-215e-5d98-0f7cf0998202 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide security training before providing access 2b05dca2-25ec-9335-495c-29155f785082 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide security training for new users 1cb7bf71-841c-4741-438a-67c65fdd7194 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide the capability to extend or limit auditing on customer-deployed resources d200f199-69f4-95a6-90b0-37ff0cf1040c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide the logout capability db580551-0b3c-4ea1-8a4c-4cdb5feb340f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide timely maintenance support eb598832-4bcc-658d-4381-3ecbe17b9866 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide updated security awareness training d136ae80-54dd-321c-98b4-17acf4af2169 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Public network access on Azure SQL Database should be disabled 1b8ca024-1d5c-4dec-8995-b1a932b41780 SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Public network access should be disabled for MariaDB servers fdccbe47-f3e3-4213-ad5d-ea459b2fa077 SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Public network access should be disabled for MySQL servers d9844e8a-1437-4aeb-a32c-0c992f056095 SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Public network access should be disabled for PostgreSQL servers b52376f7-9612-48a1-81cd-1ffe4b61032c SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Reassign or remove user privileges as needed 7805a343-275c-41be-9d62-7215b96212d8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Reauthenticate or terminate a user session d6653f89-7cb5-24a4-9d71-51581038231b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Recover and reconstitute resources after any disruption f33c3238-11d2-508c-877c-4262ec1132e1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Reevaluate access upon personnel transfer e89436d8-6a93-3b62-4444-1d2a42ad56b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Refresh authenticators 3ae68d9a-5696-8c32-62d3-c6f9c52e437c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Reissue authenticators for changed groups and accounts 2f204e72-1896-3bf8-75c9-9128b8683a36 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Remediate information system flaws be38a620-000b-21cf-3cb3-ea151b704c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Report atypical behavior of user accounts e4054c0e-1184-09e6-4c5e-701e0bc90f81 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require approval for account creation de770ba6-50dd-a316-2932-e0d972eaa734 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require compliance with intellectual property rights 725164e5-3b21-1ec2-7e42-14f077862841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developer to identify SDLC ports, protocols, and services f6da5cca-5795-60ff-49e1-4972567815fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to build security architecture f131c8c5-a54a-4888-1efc-158928924bc1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to describe accurate security functionality 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to document approved changes and potential impact 3a868d0c-538f-968b-0191-bddb44da5b75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to implement only approved changes 085467a6-9679-5c65-584a-f55acefd0d43 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to manage change integrity b33d61c1-7463-7025-0ec0-a47585b59147 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to produce evidence of security assessment plan execution f8a63511-66f1-503f-196d-d6217ee0823a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to provide training 676c3c35-3c36-612c-9523-36d266a65000 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to provide unified security protection approach 7a114735-a420-057d-a651-9a73cd0416ef Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require external service providers to comply with security requirements 4e45863d-9ea9-32b4-a204-2680bc6007a6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require interconnection security agreements 096a7055-30cb-2db4-3fda-41b20ac72667 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require notification of third-party personnel transfer or termination afd5d60a-48d2-8073-1ec2-6687e22f2ddd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require third-party providers to comply with personnel security policies and procedures e8c31e15-642d-600f-78ab-bad47a5787e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require use of individual authenticators 08ad71d0-52be-6503-4908-e015460a16ae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require users to sign access agreement 3af53f59-979f-24a8-540f-d7cdbc366607 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Rescreen individuals at a defined frequency c6aeb800-0b19-944d-92dc-59b893722329 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Resource logs in Azure Data Lake Store should be enabled 057ef27e-665e-4328-8ea3-04b3122bd9fb Data Lake Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46 Stream Analytics Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d Batch Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c Data Lake Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a Event Hub Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4 Internet of Things Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21 Key Vault Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d Logic Apps Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4 Search Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Resource logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Service Bus Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Restore resources to operational state f801d58e-5659-9a4a-6e8d-02c9334732e5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict access to private keys 8d140e8b-76c7-77de-1d46-ed1b2e112444 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict access to privileged accounts 873895e8-0e3a-6492-42e9-22cd030e9fcd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict location of information processing, storage and services 0040d2e5-2779-170d-6a2c-1f5fca353335 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict media use 6122970b-8d4a-7811-0278-4c6c68f61e4f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict unauthorized software and firmware installation 4ee5975d-2507-5530-a20a-83a725889c6f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict use of open source software 08c11b48-8745-034d-1c1b-a144feec73b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Resume all mission and business functions 91a54089-2d69-0f56-62dc-b6371a1671c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Retain previous versions of baseline configs 5e4e9685-3818-5934-0071-2620c4fa2ca5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Retain security policies and procedures efef28d0-3226-966a-a1e8-70e89c1b30bc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Retain terminated user data 7c7032fe-9ce6-9092-5890-87a1a3755db1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Retain training records 3153d9c0-2584-14d3-362d-578b01358aeb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Reveal error messages 20762f1e-85fb-31b0-a600-e833633f10fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review access control policies and procedures 03d550b4-34ee-03f4-515f-f2e2faf7a413 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review account provisioning logs a830fe9e-08c9-a4fb-420c-6f6bf1702395 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review administrator assignments weekly f27a298f-9443-014a-0d40-fef12adf0259 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and reevaluate privileges 585af6e9-90c0-4575-67a7-2f9548972e32 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and sign revised rules of behavior 6c0a312f-04c5-5c97-36a5-e56763a02b6b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update configuration management policies and procedures eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update contingency planning policies and procedures e9c60c37-65b0-2d72-6c3c-af66036203ae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update identification and authentication policies and procedures 29acfac0-4bb4-121b-8283-8943198b1549 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update incident response policies and procedures b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update information integrity policies and procedures 6bededc0-2985-54d5-4158-eb8bad8070a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update media protection policies and procedures b4e19d22-8c0e-7cad-3219-c84c62dc250f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update personnel security policies and procedures e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update physical and environmental policies and procedures 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update planning policies and procedures 28aa060e-25c7-6121-05d8-a846f11433df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update risk assessment policies and procedures 20012034-96f0-85c2-4a86-1ae1eb457802 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update system and communications protection policies and procedures adf517f3-6dcd-3546-9928-34777d0c277e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update system and services acquisition policies and procedures f49925aa-9b11-76ae-10e2-6e973cc60f37 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update system maintenance policies and procedures 2067b904-9552-3259-0cdd-84468e284b7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update the events defined in AU-02 a930f477-9dcb-2113-8aa7-45bb6fc90861 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update the information security architecture ced291b8-1d3d-7e27-40cf-829e9dd523c8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review audit data 6625638f-3ba1-7404-5983-0ea33d719d34 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review changes for any unauthorized changes c246d146-82b0-301f-32e7-1065dcd248b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review cloud identity report overview 8aec4343-9153-9641-172c-defb201f56b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review cloud service provider's compliance with policies and agreements ffea18d9-13de-6505-37f3-4c1f88070ad7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review content prior to posting publicly accessible information 9e3c505e-7aeb-2096-3417-b132242731fc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review contingency plan 53fc1282-0ee3-2764-1319-e20143bb0ea5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review controlled folder access events f48b60c6-4b37-332f-7288-b6ea50d300eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review development process, standards and tools 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review exploit protection events a30bd8e9-7064-312a-0e1f-e1b485d59f6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review file and folder activity ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review label activity and analytics e23444b9-9662-40f3-289e-6d25c02b48fa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review malware detections report weekly 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review publicly accessible content for nonpublic information b5244f81-6cab-3188-2412-179162294996 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review role group changes weekly 70fe686f-1f91-7dab-11bf-bca4201e183b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review security assessment and authorization policies and procedures a4493012-908c-5f48-a468-1e243be884ce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review the results of contingency plan testing 5d3abfea-a130-1208-29c0-e57de80aa6b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review threat protection status weekly fad161f5-5261-401a-22dd-e037bae011bd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review user accounts 79f081c7-1634-01a1-708e-376197999289 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review user groups and applications with access to sensitive data eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review user privileges f96d2186-79df-262d-3f76-f371e3b71798 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Revoke privileged roles as appropriate 32f22cfa-770b-057c-965b-450898425519 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center Default
Audit
Allowed
Audit, Disabled		 0 GA
Route traffic through authenticated proxy network d91558ce-5a5c-551b-8fbb-83f793255e09 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Route traffic through managed network access points bab9ef1d-a16d-421a-822d-3fa94e808156 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Run simulation attacks a8f9c283-9a66-3eb3-9e10-bdba95b85884 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Satisfy token quality requirements 056a723b-4946-9d2a-5243-3aa27c4d31a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption fa298e57-9444-42ba-bf04-86e8470e32c7 Monitoring Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled		 0 GA
Secure commitment from leadership 70057208-70cc-7b31-3c3a-121af6bc1966 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Secure the interface to external systems ff1efad2-6b09-54cc-01bf-d386c4d558a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Select additional testing for security control assessments f78fc35e-1268-0bca-a798-afcba9d2330a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Separate duties of individuals 60ee1260-97f0-61bb-8155-5d8b75743655 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Separate user and information system management functionality 8a703eb5-4e53-701b-67e4-05ba2f7930c8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Separately store backup information fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Service Bus Premium namespaces should use a customer-managed key for encryption 295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Default
Audit
Allowed
Audit, Disabled		 0 GA
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Service Fabric clusters should only use Azure Active Directory for client authentication b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Set automated notifications for new and trending cloud applications in your organization af38215f-70c4-0cd6-40c2-c52d86690a45 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Specify permitted actions associated with customer audit information 3eecf628-a1c8-1b48-1b5c-7ca781e97970 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
SQL managed instances should use customer-managed keys to encrypt data at rest ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
SQL servers on machines should have vulnerability findings resolved 6ba6d016-e7c3-4842-b8f2-4992ebc0d72d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
SQL servers should use customer-managed keys to encrypt data at rest 0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
SQL servers with auditing to storage account destination should be configured with 90 days retention or higher 89099bee-89e0-4b26-a5f4-165451757743 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Storage account encryption scopes should use customer-managed keys to encrypt data at rest b5ec538c-daa0-4006-8596-35468b9148e8 Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Storage accounts should have infrastructure encryption 4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Storage accounts should restrict network access using virtual network rules 2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Storage accounts should use customer-managed key for encryption 6fac406b-40ca-413b-bf8e-0bf964659c25 Storage Default
Audit
Allowed
Audit, Disabled		 0 GA
Storage accounts should use private link 6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Support personal verification credentials issued by legal authorities 1d39b5d9-0392-8954-8359-575ce1957d1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
System updates on virtual machine scale sets should be installed c3f317a7-a95c-4547-b7e7-11017ebdf2fe Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Take action in response to customer information d25cbded-121e-0ed6-1857-dc698c9095b1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host 41425d9f-d1a5-499a-9932-f8ed8453932c Kubernetes Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Terminate customer controlled account credentials 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Terminate user session automatically 4502e506-5f35-0df4-684f-b326e3cc7093 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Test contingency plan at an alternate processing location ba99d512-3baa-1c38-8b0b-ae16bbd34274 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Test the business continuity and disaster recovery plan 58a51cde-008b-1a5d-61b5-d95849770677 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Track software license usage 77cc89bb-774f-48d7-8a84-fb8c322c3000 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Train personnel on disclosure of nonpublic information 97f0d974-1486-01e2-2088-b888f46c0589 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Transfer backup information to an alternate storage site 7bdb79ea-16b8-453e-4ca4-ad5b16012414 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Turn on sensors for endpoint security solution 5fc24b95-53f7-0ed1-2330-701b539b97fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Undergo independent security review 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update antivirus definitions ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update contingency plan 14a4fd0a-9100-1e12-1362-792014a28155 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update information security policies 5226dee6-3420-711b-4709-8e675ebd828f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update interconnection security agreements d48a6f19-a284-6fc6-0623-3367a74d3f50 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update organizational access agreements e21f91d1-2803-0282-5f2d-26ebc4b170ef Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update POA&M items cc057769-01d9-95ad-a36f-1e62a7f9540b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update rules of behavior and access agreements 6610f662-37e9-2f71-65be-502bdc2f554d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update rules of behavior and access agreements every 3 years 7ad83b58-2042-085d-08f0-13e946f26f89 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update the security authorization 449ebb52-945b-36e5-3446-af6f33770f8f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Use automated mechanisms for security alerts b8689b2e-4308-a58b-a0b4-6f3343a000df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Use dedicated machines for administrative tasks b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Use privileged identity management e714b481-8fac-64a2-14a9-6f079b2501a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Use system clocks for audit records 1ee4c7eb-480a-0007-77ff-4ba370776266 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify identity before distributing authenticators 72889284-15d2-90b2-4b39-a1e9541e1152 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify security controls for external information systems dc7ec756-221c-33c8-0afe-c48e10e42321 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify security functions ece8bb17-4080-5127-915f-dc7267ee8549 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify software, firmware and information integrity db28735f-518f-870e-15b4-49623cbe3aa0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
View and configure system diagnostic data 0123edae-3567-a05a-9b05-b53ebe9d3e7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
View and investigate restricted users 98145a9b-428a-7e81-9d14-ebb154a24f93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Virtual machines and virtual machine scale sets should have encryption at host enabled fc4d8e41-e223-45ea-9bf5-eada37891d87 Compute Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity d26f7642-7545-4e18-9b75-8c9bbdee3a9a Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d Compute Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
VM Image Builder templates should use private link 2154edb9-244f-4741-9970-660785bccdaa VM Image Builder